Main Vulnerability Database Vulnerabilities #VU85243

Security features bypass in Windows and Windows Server - CVE-2024-20674

Published: January 10, 2024

Vulnerability identifier: #VU85243

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-20674

CWE-ID: CWE-254

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Kerberos. An authenticated attacker on the local network can bypass the authentication feature.

How to mitigate CVE-2024-20674

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674

Security features bypass in Windows and Windows Server - CVE-2024-20674

Detailed vulnerability description

How to mitigate CVE-2024-20674

Sources

Please verify you're human