What is CVE-2024-20674?

CVE-2024-20674 is a high-severity security vulnerability affecting the Windows Kerberos authentication system in various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions. It is crucial for organizations using affected systems to apply security updates to mitigate the risk posed by this critical security feature bypass vulnerability.

Who is impacted by CVE-2024-20674?

This security issue allows attackers to bypass the authentication feature in the Windows Kerberos system, potentially leading to unauthorized access to sensitive information and systems. Users of affected systems should be aware of this vulnerability and take necessary precautions to protect their data and resources.

What should I do if I’m affected?

If you're affected by the CVE-2024-20674 vulnerability, it's important to take action to protect your data and systems. Follow these simple steps:

1. Identify your specific Windows version and platform.

2. Visit the Microsoft Security Update Guide for CVE-2024-20674.

3. Locate and apply the appropriate security update for your Windows version and platform.

4. Monitor for any updates or additional guidance from Microsoft.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-20674 vulnerability, also known as Windows Kerberos Security Feature Bypass Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-290, which involves bypassing authentication by spoofing in the Windows Kerberos system.

Learn More

To gain a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• Microsoft Security Update Guide