Endpoint Vulnerability

Kerberos SNAME Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.

Affected Products

Windows 10,Windows 7,Windows 8,Windows RT 8.1,Windows Server 2008,Windows Server 2012,Windows Server 2016

References

CVE-2017-8495,