Security features bypass in Microsoft Kerberos AppContainer

1) Security features bypass

EUVDB-ID: #VU53918

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31962

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Kerberos AppContainer. A remote attacker can bypass Kerberos authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 2004 10.0.19041.264

Windows Server: 2008 - 2019 2004

CPE2.3

• cpe:2.3:o:microsoft:windows:10 1809:10.0.17763.1:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10 1909:10.0.18363.476:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10 2004:10.0.19041.264:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10 20H2:10.0.19042.572:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10 1607:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:8.1 RT:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10 21H1:10.0.19043.985:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019 2004:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2008 R2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2012 R2:*:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.