Kerberos privilege escalation in Windows and Windows Server - CVE-2016-3237


Published: August 10, 2016 / Updated: September 14, 2018


Vulnerability identifier: #VU293
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2016-3237
CWE-ID: CWE-255
Exploitation vector: Adjacent network
Exploit availability: Public exploit is available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an attacker with access to the local network to gain elevated privileges.

The vulnerability exists in the Kerberos implementation when handling a password change request. A local attacker can make the operating system fall back to the NT LAN Manager (NTLM) authentication protocol as the default authentication protocol.

Successful exploitation of this vulnerability allows a local attacker to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine, and to intercept and decrypt credentials during a password change request.
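The fallback described above leaves a trace in the logon audit trail: an account and workstation that had been authenticating with Kerberos suddenly shows up with NTLM. As an added example (not part of this advisory or of Microsoft's guidance), the Python check below runs over constructed, simplified Event ID 4624 records and flags NTLM network logons from hosts expected to use Kerberos; the key=value export format, the field names and the allowlist of legacy NTLM hosts are assumptions.

```python
import re

# Constructed sample logon events in a simplified key=value export, not captured
# from a real system. EventID 4624 = successful logon, LogonType 3 = network logon.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 AuthPackage=Kerberos Account=alice Workstation=WS01
EventID=4624 LogonType=3 AuthPackage=NTLM Account=alice Workstation=WS01
EventID=4624 LogonType=3 AuthPackage=NTLM Account=bob Workstation=LEGACY01
EventID=4624 LogonType=3 AuthPackage=Kerberos Account=carol Workstation=WS02
EventID=4624 LogonType=3 AuthPackage=NTLM Account=erin Workstation=WS04
EventID=4625 LogonType=3 AuthPackage=NTLM Account=dave Workstation=WS03
"""

# Hosts known to authenticate with NTLM legitimately (assumed allowlist).
NTLM_EXPECTED_HOSTS = {"LEGACY01"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one 'Key=Value Key=Value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def audit_ntlm(log_text, ntlm_expected=NTLM_EXPECTED_HOSTS):
    """Return (level, account, workstation) findings, in log order.

    'downgrade'       : the same account/workstation pair completed a Kerberos
                        logon earlier in the log and now logged on with NTLM.
    'unexpected-ntlm' : NTLM logon from a host that is not on the allowlist
                        and has no earlier Kerberos logon to compare against.
    """
    seen_kerberos = set()
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
            continue  # only successful network logons matter for this check
        key = (ev["Account"], ev["Workstation"])
        pkg = ev.get("AuthPackage")
        if pkg == "Kerberos":
            seen_kerberos.add(key)
        elif pkg == "NTLM" and ev["Workstation"] not in ntlm_expected:
            level = "downgrade" if key in seen_kerberos else "unexpected-ntlm"
            findings.append((level, ev["Account"], ev["Workstation"]))
    return findings


if __name__ == "__main__":
    for finding in audit_ntlm(SAMPLE_EVENTS):
        print(*finding)
```

A 'downgrade' finding around the time of a password change is the pattern to correlate with the fallback this advisory describes; a plain 'unexpected-ntlm' finding is lower confidence and usually an inventory gap in the allowlist.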


How to mitigate CVE-2016-3237


Sources