
Shai Laron

Researcher from Semperis
#15897 of 53,632
17 Total CVSS
Vulnerabilities · 2
High
2
PT-2026-32774
8.0
2026-04-14
Microsoft · Windows Kerberos · CVE-2026-27912
**Name of the Vulnerable Software and Affected Versions**
Windows Kerberos (affected versions not specified)

**Description**
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2026-24304
9.0
2026-03-10
Microsoft · Active Directory Domain Services · CVE-2026-25177
**Name of the Vulnerable Software and Affected Versions**
Active Directory Domain Services (affected versions not specified)

**Description**
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network, potentially gaining full SYSTEM privileges. Attackers can utilize Unicode normalization and Ghost SPNs (Service Principal Names) to deceive the Kerberos KDC (Key Distribution Center) into issuing tickets for unauthorized accounts, facilitating lateral movement.

**Recommendations**
Apply the Microsoft March 2026 security updates to domain controllers. Review and restrict overbroad Active Directory rights and service account permissions to minimize the risk of privilege escalation.