Kerberos KDC Security Feature Bypass Vulnerability - CVE-2020-17049
Incident Report for Pulsant Service
Resolved
No further issues observed overnight. Outstanding remedial work is being picked up as part of our normal Support process.
Posted Nov 27, 2020 - 13:10 GMT
Identified
On 10th November 2020 Microsoft published CVE-2020-17049:

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).

To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.

The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

Further details here:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049
https://support.microsoft.com/en-gb/help/4594441/windows-10-update-kb4594441

Pulsant actions – We are currently experiencing an increased ticket volume relating to authentication failures across multiple applications and services. If you believe that you may be suffering service impact due to the above issue, please raise a ticket with our support team referencing this post.

Pulsant recommends that all customers who manage their own servers refer to the guidance detailed in the links above.
Posted Nov 26, 2020 - 11:52 GMT
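Added example, not part of the Pulsant post and not Microsoft's own tooling: a PowerShell check that reports the KDC ticket-signature setting on every domain controller, so that a domain left in a mixed state (some DCs patched or configured differently from others) can be spotted before it is blamed on the applications that are failing. It assumes the November 2020 update introduced the REG_DWORD value PerformTicketSignature under HKLM\SYSTEM\CurrentControlSet\Services\Kdc, with 0 meaning disabled, 1 enabled and 2 enforced (this comes from Microsoft's deployment guidance for the CVE, which the post does not reproduce; treat the meanings as an assumption and confirm them against the linked KB), that the RSAT ActiveDirectory module is installed on the workstation running it, and that the account has WinRM access to the domain controllers.

```powershell
# Added example (not from the Pulsant post or Microsoft): survey PerformTicketSignature on all DCs.
# Assumption: the November 2020 KDC update exposes this REG_DWORD; 0 = disabled, 1 = enabled, 2 = enforced.
# Requires the ActiveDirectory RSAT module locally and WinRM (PowerShell remoting) to each DC.

$kdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$valueName = 'PerformTicketSignature'

# Enumerate every DC in the current domain by host name.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc -ErrorAction Stop -ArgumentList $kdcKey, $valueName -ScriptBlock {
            param($key, $name)

            # Read the value; a missing value yields $null rather than an error.
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            $raw  = if ($null -ne $item) { [int]$item.$name } else { $null }

            # Translate the raw value into the mode it selects (assumed meanings, see lead-in).
            $mode = if ($null -eq $raw) { 'Not set (update default applies)' }
                    elseif ($raw -eq 0) { 'Disabled' }
                    elseif ($raw -eq 1) { 'Enabled' }
                    elseif ($raw -eq 2) { 'Enforced' }
                    else                { "Unknown ($raw)" }

            [pscustomobject]@{
                DC    = $env:COMPUTERNAME
                Value = if ($null -eq $raw) { 'not set' } else { $raw }
                Mode  = $mode
            }
        }
    }
    catch {
        # Record unreachable DCs instead of aborting; a DC you cannot see is still part of the picture.
        [pscustomobject]@{ DC = $dc; Value = 'unreachable'; Mode = $_.Exception.Message }
    }
}

$results | Sort-Object DC | Format-Table DC, Value, Mode -AutoSize

# Two conditions worth acting on before opening a ticket with the hosting provider:
# (a) any DC explicitly disabled (0), which removes the fix on that KDC;
# (b) DCs that disagree with each other, since clients are served by whichever DC they happen to hit.
$disabled = $results | Where-Object { $_.Value -eq 0 }
if ($disabled) {
    Write-Warning ("{0} is disabled on: {1}" -f $valueName, ($disabled.DC -join ', '))
}

$distinct = $results | Where-Object { $_.Value -ne 'unreachable' } | Select-Object -ExpandProperty Value -Unique
if ($distinct.Count -gt 1) {
    Write-Warning ("DCs disagree on {0} (values: {1}); bring them to a consistent state before troubleshooting application-level Kerberos failures." -f $valueName, ($distinct -join ', '))
}
```

Run it once from an administrative workstation after the update has been applied, and again after any change to the setting. It only reads the registry; changing PerformTicketSignature is a deliberate decision that should follow the Microsoft guidance linked in the post, because the value controls whether the KDC signs and validates the ticket fields that the CVE describes being tampered with.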