Microsoft fixed Windows CVE-2024-26248, CVE-2024-29056 Kerberos PAC validation flaw

    Karlston

    Microsoft this past week released its April 2024 Patch Tuesday updates for Windows 10 (KB5036892), Windows 11 (KB5036893), and more.


    Alongside those, the company also noted that the update addresses two Kerberos PAC validation vulnerabilities, tracked as CVE-2024-26248 and CVE-2024-29056. Both are elevation of privilege flaws that bypass the PAC signature validation checks previously added in KB5020805.


    In its support document, Microsoft explains:

     

    The Windows security updates released on or after April 9, 2024 address elevation of privilege vulnerabilities with the Kerberos PAC Validation Protocol. The Privilege Attribute Certificate (PAC) is an extension to Kerberos service tickets. It contains information about the authenticating user and their privileges. This update fixes a vulnerability where the user of the process can spoof the signature to bypass PAC signature validation security checks added in KB5020805.

    Microsoft also notes that simply downloading and installing the April 2024 Patch Tuesday updates is not enough to close the flaw: the new PAC validation behavior ships in Compatibility mode, and administrators have to enforce it. April 2024 is only the Initial Deployment Phase for this change, and the secure behavior will not be enforced by default until a later update.


    The full timeline of the upcoming changes is given below:

     

    April 9, 2024: Initial Deployment Phase - Compatibility Mode

     

    The initial deployment phase starts with the updates released on April 9, 2024. This update adds new behavior that prevents the elevation of privilege vulnerabilities described in CVE-2024-26248 and CVE-2024-29056 but does not enforce it unless both Windows domain controllers and Windows clients in the environment are updated.

     

    To enable the new behavior and to mitigate the vulnerabilities, you must make sure your entire Windows environment (including both domain controllers and clients) is updated. Audit Events will be logged to help identify devices not updated.

     

    October 15, 2024: Enforced by Default Phase


    Updates released on or after October 15, 2024 will move all Windows domain controllers and clients in the environment to Enforced mode by setting the registry values PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4, enforcing the secure behavior by default.


    The Enforced by Default settings can be overridden by an Administrator to revert to Compatibility mode.

     

    April 8, 2025: Enforcement Phase


    The Windows security updates released on or after April 8, 2025 will remove support for the registry values PacSignatureValidationLevel and CrossDomainFilteringLevel and enforce the new secure behavior unconditionally. There will be no support for Compatibility mode after installing this update.

    You can find more details about it in the official support document under KB5037754 on Microsoft's website.
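    As an added example (not from the article, and not Microsoft's own tooling), the following PowerShell script reports which mode a domain controller or client is effectively in by reading the two registry values the timeline above names, and can write the Enforced values on request. It assumes the values live under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters as REG_DWORD (the location KB5037754 documents; confirm it there before use), that 3 and 4 are the Enforced values as the October 2024 phase states, and that any other value, or an absent value, means Compatibility mode. The script name, its parameters and the probe script block are my own.

```powershell
# Get-PacValidationMode.ps1 (added example; not from the article or from Microsoft)
# Reports whether each target is in Compatibility or Enforced mode for the
# CVE-2024-26248 / CVE-2024-29056 PAC validation change, optionally enforcing it.
#
# Assumptions (verify against KB5037754 before relying on this):
#   - both values live under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
#     as REG_DWORD
#   - Enforced means PacSignatureValidationLevel = 3 and CrossDomainFilteringLevel = 4,
#     the values the October 2024 phase sets; anything else, or an absent value,
#     is treated as Compatibility mode
#   - meaningful only between the April 2024 and April 2025 updates; after April 2025
#     the values are removed and enforcement is unconditional
param(
    # Domain controllers and/or clients to inspect; remote names need PowerShell remoting.
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Write the Enforced values instead of only reporting (needs local admin on each target).
    [switch]$Enforce
)

# The probe is a script block so the same code runs locally and through Invoke-Command.
$probe = {
    param([bool]$SetEnforced)

    $regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    $enforced = @{ PacSignatureValidationLevel = 3; CrossDomainFilteringLevel = 4 }

    $state = [ordered]@{
        Computer           = $env:COMPUTERNAME
        # Win32_ComputerSystem.DomainRole 4 = backup DC, 5 = primary DC
        IsDomainController = ((Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4)
    }

    foreach ($name in $enforced.Keys) {
        # Get-ItemProperty yields $null for a value that does not exist yet.
        $current = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name

        if ($SetEnforced -and $current -ne $enforced[$name]) {
            # Creates the value if absent, otherwise overwrites it.
            Set-ItemProperty -Path $regPath -Name $name -Value $enforced[$name] -Type DWord
            $current = $enforced[$name]
        }

        $state[$name] = if ($null -eq $current) { 'not set' } else { $current }
    }

    # Enforced only when both values carry exactly the enforced level.
    $allEnforced = @($enforced.Keys | ForEach-Object { $state[$_] -eq $enforced[$_] }) -notcontains $false
    $state['Mode'] = if ($allEnforced) { 'Enforced' } else { 'Compatibility (not enforced)' }
    [pscustomobject]$state
}

foreach ($computer in $ComputerName) {
    if ($computer -in @($env:COMPUTERNAME, 'localhost', '.')) {
        & $probe -SetEnforced ([bool]$Enforce)
    }
    else {
        Invoke-Command -ComputerName $computer -ScriptBlock $probe -ArgumentList ([bool]$Enforce) |
            Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName
    }
}
```

    Run it against the domain controllers first and then a sample of member servers, for example `.\Get-PacValidationMode.ps1 -ComputerName dc01,dc02,app01 | Format-Table`. Add -Enforce only once every domain controller and client carries the April 2024 or later update, since the April phase text above makes the point that the secure behavior is not effective until both sides are updated. Once the April 2025 update has removed support for the two values, a "not set" result from this script means unconditional enforcement, not Compatibility mode, so retire the check at that point.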
