
Microsoft has fixed the Windows authentication flaw CVE-2024-26248, CVE-2024-29056 Kerberos PAC


Microsoft last week released the April 2024 patch updates for Windows 10 (KB5036892), Windows 11 (KB5036893) and more.

Along with these, the company also announced that the patch addresses several Kerberos PAC authentication security vulnerabilities, tracked as CVE-2024-26248 and CVE-2024-29056, both of which are privilege escalation flaws that bypass the PAC signature checks previously added in KB5020805. This is in addition to the updated advisory it posted about the BlackLotus Secure Boot flaw (CVE-2023-24932).

In its support document, Microsoft explains:

Windows security updates released on or after April 9, 2024 address privilege elevation vulnerabilities with the Kerberos PAC Validation protocol. The Privilege Attribute Certificate (PAC) is an extension to Kerberos service tickets. It contains information about the authenticating user and their permissions. This update fixes a vulnerability where the process user could forge the signature to bypass PAC signature verification security checks added in KB5020805.

Microsoft also added that simply downloading and installing the April 2024 patch updates will not be enough to address the flaw and that users should also enforce the changes. This is only the initial deployment phase of the patch and will not be enforced by default until later.

The full timeline of upcoming changes appears below:

April 9, 2024: Initial Deployment Phase – Compliance Status

The initial deployment phase begins with the updates released on April 9, 2024. This update adds new behavior that prevents the elevation of privilege vulnerabilities described in CVE-2024-26248 and CVE-2024-29056, but does not enforce it unless both the Windows domain controllers and the Windows clients in the environment are updated.

To enable the new behavior and to mitigate vulnerabilities, you must ensure that your entire Windows environment (including domain controllers and clients) is up to date. Audit events will be logged to help identify devices that have not been updated.

October 15, 2024: Enforced by Default phase

Updates released on or after October 15, 2024 will put all domain controllers and Windows clients in the environment into enforcement mode by changing the registry subkey settings to PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4, enforcing the default secure behavior.

An administrator can override the Enforced by Default settings to return to compatibility mode.

April 8, 2025: Enforcement phase

Windows security updates released on or after April 8, 2025 will remove support for the PacSignatureValidationLevel and CrossDomainFilteringLevel registry subkeys and enforce the new secure behavior. Compatibility mode will not be supported after this update is installed.
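As an added example (not from the article or from Microsoft's support document), the following PowerShell script reports whether a domain controller or client already carries the enforcement-mode values the article names for the Enforced by Default phase (PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4). The registry path is an assumption: the article does not give it, and the script's $KdcKeyPath should be checked against KB5037754 before the result is trusted.

```powershell
# Added example: audit the PAC validation enforcement values named in the article.
# ASSUMPTION: the two REG_DWORD values live under the Kdc service key; the article
# does not state the path, so confirm it against KB5037754 before relying on this.
$KdcKeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'

# Enforcement values exactly as stated in the article for the October 15, 2024 phase.
$Expected = @{
    PacSignatureValidationLevel = 3
    CrossDomainFilteringLevel   = 4
}

function Get-PacValidationState {
    param([string]$KeyPath = $KdcKeyPath)

    # Read the key once; a missing key simply yields $null properties.
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue

    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($null -ne $props -and $null -ne $props.PSObject.Properties[$name]) {
            $actual = [int]$props.$name
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Setting  = $name
            Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
            Expected = $Expected[$name]
            Enforced = ($actual -eq $Expected[$name])
        }
    }
}

# Run locally; wrap in Invoke-Command to collect the same table from every DC.
Get-PacValidationState | Format-Table -AutoSize
```

A value reported as "not set" is only meaningful before the April 8, 2025 phase: the article states that updates released on or after that date remove support for both subkeys and enforce the secure behavior regardless, so an absent value on a fully patched host does not indicate compatibility mode.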

You can find more details about it in the official support document under KB5037754 on Microsoft’s website.
