Windows Kerberos Bronze Bit attack gets public exploit, patch now
Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability were published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.
The security bug, tracked as CVE-2020-17049 and patched by Microsoft during November 2020's Patch Tuesday, can be exploited in what the researcher has named Kerberos Bronze Bit attacks.
Karnes provides a high-level summary of the vulnerability and details on how attackers can exploit it to compromise vulnerable Windows systems.
He has also published a low-level overview of the security bug with additional information on the Kerberos protocol, as well as practical exploit scenarios and details about how to implement and use Kerberos Bronze Bit attacks.