Advanced

Windows Kerberos Vulnerability: What You Should Know

CVE-2024-43639 is a critical (CVSS 9.8, temporal 8.5) remote code execution vulnerability rooted in a cryptographic flaw (CWE-197: Numeric Truncation Error) in how Windows handles Kerbero...

CVE-2024-43639 is a critical remote code execution (RCE) vulnerability affecting a cryptographic element of the Kerberos authentication protocol as implemented on Windows Server. An unauthenticated attacker can exploit the flaw by sending specially crafted requests that leverage the vulnerable cryptographic routine against a susceptible system. Successful exploitation grants the attacker unauthorized access to the target system along with the ability to execute arbitrary code — all without requiring any prior credentials or user interaction.

The vulnerability was publicly disclosed as part of Microsoft's November 2024 Patch Tuesday release.

An intuitive analogy is a music festival: on arrival you present your ticket and show ID to prove you are the person named on it. Your details are checked against a database to determine which parts of the festival (which services) you are entitled to access. A basic ticket might grant access only to the main arena, while a premium ticket grants VIP backstage access. Based on this, you receive a wristband — for example, blue for basic access and green for VIP access — that identifies which areas you may enter. When you approach the VIP area, a...

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: Understanding the Windows Kerberos KDC Proxy Vulnerability
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.