Technical Analysis of CVE-2022-33679 and CVE-2022-33647 Kerberos Vulnerabilities

Written by Yoav Iellin and Dor Segal, Researchers at Silverfort Microsoft’s September 2022 Patch Tuesday included two high-risk elevation of privilege vulnerabilities in Kerberos, that were discovered by Google Project Zero. The two vulnerabilities take advantage of the ability to force Kerberos do downgrade its encoding from the default AES encryption to the outdated MD4-RC4. […]