[SANS ISC] Microsoft Out of Band Update Resolves Kerberos Issue, (Mon, Nov 15th)

Since Patch Tuesday, we’ve been tracking a Kerboros issue in November’s patch bundle that affected authentication in several deployment scenarios:

Azure Active Directory (AAD) Application Proxy Integrated Windows Authentication (IWA) using Kerberos Constrained Delegation (KCD)
Web Application Proxy (WAP) Integrated Windows Authentication (IWA) Single Sign On (SSO)
Active Directory Federated Services (ADFS)
Microsoft SQL Server
Internet Information Services (IIS) using Integrated Windows Authentication (IWA)
Intermediate devices including Load Balancers performing delegated authentication

This was fixed out of band yesterday (November 14, 2021).  If you have applied November’s update and are affected, you’ll want to apply the “November-take-two” update on any affected servers.

The full issue report is located here: https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019

The note on yesterday’s fix being released is here: https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9

If you haven’t applied November’s updates yet, you may have dodged a bullet this month, but you likely want to revisit your update cadence – in most other months you would be more vulnerable than safe at this point (the Monday after Patch Tuesday).


Rob VandenBrink
rob <at> coherentsecurity.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[SecurityWeek] Dutch Police Arrest Alleged Member of ‘Fraud Family’ Cybercrime Gang

All posts, Security Week

Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.” read more Source: Read More (SecurityWeek RSS Feed)

Read More

[HackerNews] New BloodyStealer Trojan Steals Gamers’ Epic Games and Steam Accounts

All posts, HackerNews

A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users’ accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware “BloodyStealer,” said it first detected the malicious tool […]

Read More

[HackerNews] Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information

All posts, HackerNews

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident happened “late in the evening of November 3,” adding it’s in the process of […]

Read More