Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

by George Chetcuti [Published on 25 July 2013 / Last Updated on 25 July 2013]

Microsoft has released fixes to address this issue on supported platforms.

The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue affects Microsoft Systems Windows XP to Windows Server 2003 editions and is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers exploit this issue to spoof the domain controller/KDC during the initial authentication process.

The recommendations are to block external access at the network boundary, unless external parties require service. Also, to allow only trusted hosts and networks to connect to affected Kerberos servers. TCP and UDP port 88 should be filtered at the network boundary.

Read more here -

See Also

Review and Comments

* Required field

See Also

Featured Links