KB5020805: CVE-2022-37967 Would all servers running 2003 os and 2008 os no longer work on the July 11th Enforcement?

Pammy 20 Reputation points
2023-01-18T15:53:43.51+00:00

KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967

Hi, There is an enforcement due on the 11th July from Microsoft due to a security vulnerability, Please see under article:

https://support.microsoft.com/en-gb/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb

The November 8, 2022 Windows updates address security bypass and elevation of privilege vulnerabilities with Privilege Attribute Certificate (PAC) signatures. This security update addresses Kerberos vulnerabilities where an attacker could digitally alter PAC signatures, raising their privileges.

To help secure your environment, install this Windows update to all devices, including Windows domain controllers. All domain controllers in your domain must be updated first before switching the update to Enforced mode.

To learn more about this vulnerabilities, see CVE-2022-37967.

Just a quick question, does it mean that any servers running 2003OS or 2008OS in an esatate would no longer work?

The article doesnt appear to have been updated for a while.

Thanks

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,071 questions
Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
756 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anonymous
    2023-01-18T16:11:41.71+00:00

    2008 is listed here.

    [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967

    2003 is long out of support and therefore is not listed and not tested. You may need to setup an environment to test with if migrations/ upgrades cannot be performed.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.