PT-2016-1228 · Microsoft · Windows 7+8
Nabeel Ahmed +1
Published: 2016-02-09 · Updated: 2018-10-30 · CVE-2016-0049
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2 and R2 SP1
Microsoft Windows 7 SP1
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold and R2
Microsoft Windows 10 Gold and 1511
Description
The issue lies in the Kerberos component of Microsoft Windows, which does not properly validate password changes. A remote attacker can bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in. The vulnerability also involves errors in handling registration data, which a local attacker can exploit to bypass the authentication procedure. It can additionally be used to bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker.
Recommendations
For all affected versions (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511), install the vendor security update that addresses this vulnerability. As a temporary workaround, consider restricting access to the Kerberos authentication mechanism until a patch is available.

Exploit

Fix


Weakness Enumeration

Related identifiers

BDU:2016-00489
CVE-2016-0049

Affected products

Bitlocker
Kerberos
Windows
Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2012
Windows Vista