We Patched CVE-2023-28244 Before Anyone - Including Us - Even Knew It Existed
Malware Analysis, News and Indicators - Latest topics malware.news
How Our Patch For CVE-2022-33647 Fixed CVE-2023-28244 Five Months In Advance
By Blaz Satler of 0patch Team
The Initial Vulnerability - CVE-2022-33647
In September 2022, Microsoft released patches for CVE-2022-33647, a Kerberos vulnerability that allows a MITM (man-in-the-middle) attacker to hijack a user's Kerberos ticket and achieve domain privilege escalation. James Forshaw of Google Project Zero was credited with the discovery of this issue and, shortly after the issue was fixed, also published a writeup on the official Project …