PT-2022-5459 · Samba · Samba Active Directory DC
Published 2022-11-08 · Updated 2026-02-22 · CVE-2022-37966
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows Kerberos versions prior to the update that addresses the RC4-HMAC vulnerability
Samba Active Directory DC (affected versions not specified)
Description
The vulnerability lies in the Kerberos protocol implementation of Windows operating systems, which relies on the RC4-HMAC cryptographic algorithm, an algorithm with known defects. A remote attacker can exploit it to elevate privileges. Successful exploitation can affect the whole system and may have significant consequences. Microsoft released updates to the Kerberos protocol to address vulnerabilities of this kind, phasing out the weak RC4 cipher in favor of AES encryption for Kerberos tickets.
Recommendations
For Windows Kerberos versions prior to the update that addresses the RC4-HMAC vulnerability: install the update that includes the fix, which phases out the weak RC4 cipher in favor of AES encryption for Kerberos tickets.
For Samba Active Directory DC: review the 'kerberos encryption types' setting so that Samba is not forced to use rc4-hmac as a client and can negotiate the stronger ciphers aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
As a temporary workaround until a patch can be applied, restrict the use of the RC4-HMAC algorithm.
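To check the Samba-side recommendation against an existing smb.conf, the following audit script is an added example (not code from this advisory, Samba or Microsoft). It assumes Samba's documented values for the 'kerberos encryption types' parameter (all, strong, legacy) and runs on constructed sample configurations.

```python
import re

# Enctypes Samba offers as a Kerberos client for each documented value of the
# [global] parameter 'kerberos encryption types' (default: all). Samba's
# manpage names RC4 'arcfour-hmac-md5'; this advisory calls it rc4-hmac.
ENCTYPES = {
    "all": ("aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96", "rc4-hmac"),
    "strong": ("aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"),
    "legacy": ("rc4-hmac",),  # RC4 only: the setting to avoid
}


def global_setting(conf_text, key):
    """Return the lower-cased value of `key` in [global], or None if unset.

    smb.conf keys are case-insensitive and may contain spaces; lines starting
    with '#' or ';' are comments; the last occurrence of a key wins.
    """
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k.lower() == key:
                value = v.lower()
    return value


def audit_kerberos_enctypes(conf_text):
    """Classify the client enctypes the config allows; RC4-only is flagged."""
    setting = global_setting(conf_text, "kerberos encryption types") or "all"
    enctypes = ENCTYPES.get(setting)
    if enctypes is None:
        return {"setting": setting, "enctypes": (), "verdict": "unknown value"}
    verdict = ("weak: forces rc4-hmac" if enctypes == ENCTYPES["legacy"]
               else "ok: AES available")
    return {"setting": setting, "enctypes": enctypes, "verdict": verdict}


# Constructed sample configurations, not taken from any real deployment.
WEAK_CONF = "[global]\n  workgroup = EXAMPLE\n  kerberos encryption types = legacy\n"
FIXED_CONF = "[global]\n  workgroup = EXAMPLE\n  kerberos encryption types = strong\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_kerberos_enctypes(conf))
```

An unset parameter is reported as "all", which still offers AES alongside RC4; only "legacy" forces the RC4-HMAC-only behaviour the recommendation warns against.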
Weakness Type
Use of a Broken Cryptographic Algorithm
Inadequate Encryption Strength
Affected Products
Alt Linux
Astra Linux
Debian
Linux Mint
Samba
Samba Active Directory DC
SUSE
Ubuntu
Windows
Windows Kerberos