MS11-013 - Important: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
2011-02-08 Bulletin Severity Rating: Important - This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
Bulletin details at Microsoft.com
Related CVE Entries
Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
Max CVSS: 7.2
EPSS Score: 0.04%
Published: 2011-02-10
Updated: 2019-02-26
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
Max CVSS: 6.4
EPSS Score: 0.68%
Published: 2011-02-10
Updated: 2018-10-30