This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 13%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967
Hi, There is an enforcement due on the 11th July from Microsoft due to a security vulnerability, Please see under article:
The November 8, 2022 Windows updates address security bypass and elevation of privilege vulnerabilities with Privilege Attribute Certificate (PAC) signatures. This security update addresses Kerberos vulnerabilities where an attacker could digitally alter PAC signatures, raising their privileges.
To help secure your environment, install this Windows update to all devices, including Windows domain controllers. All domain controllers in your domain must be updated first before switching the update to Enforced mode.
To learn more about this vulnerabilities, see CVE-2022-37967.
Just a quick question, does it mean that any servers running 2003OS or 2008OS in an esatate would no longer work?
The article doesnt appear to have been updated for a while.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
2008 is listed here.
[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
2003 is long out of support and therefore is not listed and not tested. You may need to setup an environment to test with if migrations/ upgrades cannot be performed.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thanks for your reply. I've read through the articles and just wanted to understand that as of the 11th July enforcement is rolled out resulting in all servers running 2003 and 2008 OS will no longer work unless upgraded to 2019 os or removed from the network
2008 is still in extended support so should not be a problem assuming it is patched. Because 2003 is out of support it is untested, so it is unknown.
