Main Vulnerability Database Vulnerabilities #VU85243

Security features bypass in Windows and Windows Server - CVE-2024-20674

Published: January 10, 2024

Vulnerability identifier: #VU85243

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-20674

CWE-ID: CWE-254

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Kerberos. An authenticated attacker on the local network can bypass the authentication feature.

Remediation

Install updates from vendor's website.

External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674

Security features bypass in Windows and Windows Server - CVE-2024-20674

Description

Remediation

External links

Please verify you're human