Neowin · Apr 14, 2024 10:36 EDT
Microsoft this past week released its April 2024 Patch Tuesday updates for Windows 10 (KB5036892), Windows 11 (KB5036893), and more.
Alongside those, the company said that the patch addresses a couple of Kerberos PAC authentication security vulnerabilities tracked as CVE-2024-26248 and CVE-2024-29056. Both are elevation of privilege flaws that bypass the PAC signature checks previously added in KB5020805.
Microsoft has explained in its support document:
The security updates for Windows released on or after April 9, 2024, tackle elevation of privilege vulnerabilities within the Kerberos PAC Validation Protocol. The Privilege Attribute Certificate (PAC) refers to an extension of Kerberos service tickets, holding details about the user who authenticates and their privileges. This update resolves an issue where a process user can spoof the signature to bypass PAC signature validation security checks incorporated in KB5020805.
Microsoft has further indicated that just downloading and installing the April 2024 Patch Tuesday updates won’t be sufficient to address this flaw. Users need to enforce these changes as well. This is only the Initial Deployment Phase for the patch, and default enforcement won’t happen until the later stages.
The comprehensive timeline for these upcoming changes is provided below:
April 9, 2024: Initial Deployment Phase – Compatibility Mode
The commencement of the deployment phase is marked with the updates introduced on April 9, 2024. This particular update incorporates new behavior designed to eliminate the possibility of elevation of privilege vulnerabilities as detailed in CVE-2024-26248 and CVE-2024-29056. However, it will only be enforced when both domain controllers and Windows clients within the environment are updated.
In order to activate the new behavior and address the vulnerabilities, it’s crucial that the entire Windows environment, including both domain controllers and clients, is updated comprehensively. Audit Events will be recorded to assist in identifying devices that are not updated.
October 15, 2024: Enforced by Default Phase
Updates released on or after October 15, 2024, will move all Windows domain controllers and clients in the environment to Enforced mode by changing the registry subkey settings to PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4, enforcing the secure behavior by default.
The Enforced by Default settings can be overridden by an Administrator to revert to Compatibility mode.
April 8, 2025: Enforcement Phase
The Windows security updates released on or after April 8, 2025, will remove support for the registry subkeys PacSignatureValidationLevel and CrossDomainFilteringLevel and enforce the new secure behavior. There will be no support for Compatibility mode after installing this update.
You can find more details about it in the official support document under KB5037754 on Microsoft’s website.
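The timeline above can be turned into a rollout check. The following Python is an added example, not code from Microsoft or from the article: it classifies each host from the release date of its newest installed security update and the two registry values the article names. The inventory, host names, function names, and the rule that any value other than 3 / 4 means Compatibility mode are assumptions.

```python
from datetime import date

# Phase dates and enforced values are the ones quoted in the article.
INITIAL, BY_DEFAULT, FINAL = date(2024, 4, 9), date(2024, 10, 15), date(2025, 4, 8)
ENFORCED = {"PacSignatureValidationLevel": 3, "CrossDomainFilteringLevel": 4}


def effective_mode(update_release, registry):
    """Classify one host.

    update_release: release date of the newest installed Windows security
    update (None if unknown). registry: the two values as read from the host;
    values that are not set are simply missing from the dict.
    """
    if update_release is None or update_release < INITIAL:
        return "unpatched"
    if update_release >= FINAL:
        return "enforced"  # subkeys no longer supported, no Compatibility mode
    # Enforced by Default phase: values not set fall back to the enforced ones.
    defaults = ENFORCED if update_release >= BY_DEFAULT else {}
    merged = {**defaults, **registry}
    # Assumption: any value other than 3 / 4 leaves the host in Compatibility mode.
    if all(merged.get(name) == value for name, value in ENFORCED.items()):
        return "enforced"
    return "compatibility"


def fleet_report(hosts):
    """Group host names by mode and flag whether every host is updated."""
    report = {"unpatched": [], "compatibility": [], "enforced": []}
    for name, (update_release, registry) in sorted(hosts.items()):
        report[effective_mode(update_release, registry)].append(name)
    # The article: the new behavior applies only once DCs and clients are all updated.
    report["all_updated"] = not report["unpatched"]
    return report


# Constructed inventory: host -> (newest update release date, registry values).
# The value 2 below is a constructed stand-in for "not the enforced value".
SAMPLE = {
    "dc01": (date(2024, 4, 9), dict(ENFORCED)),
    "dc02": (date(2024, 4, 9), {}),
    "ws17": (date(2024, 3, 12), {}),
    "ws18": (date(2024, 10, 15), {"PacSignatureValidationLevel": 2}),
    "ws19": (date(2025, 4, 8), {"PacSignatureValidationLevel": 2}),
}

if __name__ == "__main__":
    for key, value in fleet_report(SAMPLE).items():
        print(key, value)
```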