KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966

Accounts that are flagged for explicit RC4 usage are vulnerable. In addition, environments that do not have AES session keys within the krbgt account may be vulnerable. To mitigate this issue, follow the guidance on how to identify vulnerabilities and use the Registry Key setting section to update explicitly set encryption defaults.

You will need to verify that all your devices have a common Kerberos Encryption type.  For more information about Kerberos Encryption types, see Decrypting the Selection of Supported Kerberos Encryption Types.

Environments without a common Kerberos Encryption type might have previously been functional due to automatically adding RC4 or by the addition of AES, if RC4 was disabled through group policy by domain controllers. This behavior has changed with the updates released on or after November 8, 2022 and will now strictly follow what is set in the registry keys, msds-SupportedEncryptionTypes and DefaultDomainSupportedEncTypes. 

If the account does not have msds-SupportedEncryptionTypes set, or it is set to 0, domain controllers assume a default value of 0x27 (39) or the domain controller will use the setting in the registry key DefaultDomainSupportedEncTypes.

If the account does have msds-SupportedEncryptionTypes set, this setting is honored and might expose a failure to have configured a common Kerberos Encryption type masked by the previous behavior of automatically adding RC4 or AES, which is no longer the behavior after installation of updates released on or after November 8, 2022.

For information about how to verify you have a common Kerberos Encryption type, see question How can I verify that all my devices have a common Kerberos Encryption type?

See the previous question for more information why your devices might not have a common Kerberos Encryption type after installing updates released on or after November 8, 2022.

If you have already installed updates released on or after November 8, 2022, you can detect devices which do not have a common Kerberos Encryption type by looking in the Event Log for Microsoft-Windows-Kerberos-Key-Distribution-Center Event 27, which identifies disjoint encryption types between Kerberos clients and remote servers or services.

Installation of updates released on or after November 8, 2022 on clients or non-Domain Controller role servers should not affect Kerberos authentication in your environment.

To mitigate this known issue, open a Command Prompt window as an Administrator and temporarily use the following command to set the registry key KrbtgtFullPacSignature to 0:

• reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD
  

Next steps We are working on a resolution and will provide an update in an upcoming release.

After installing updates released on or after November 8, 2022 on your domain controllers, all devices must support AES ticket signing as required to be compliant with the security hardening required for CVE-2022-37967.

Next Steps If you are already running the most up-to-date software and firmware for your non-Windows devices and have verified that there is a common Encryption type available between your Windows domain controllers and your non-Windows devices, you will need to contact your device manufacturer (OEM) for help or replace the devices with ones that are compliant. 

Unsupported versions of Windows includes Windows XP, Windows Server 2003, Windows Server 2008 SP2, and Windows Server 2008 R2 SP1 cannot be accessed by updated Windows devices unless you have an ESU license. If you have an ESU license, you will need to install updates released on or after November 8, 2022 and verify your configuration has a common Encryption type available between all devices.

Next Steps Install updates, if they are available for your version of Windows and you have the applicable ESU license. If updates are not available, you will need to upgrade to a supported version of Windows or move any application or service to a compliant device.

This known issue was resolved in out-of-band updates released November 17, 2022 and November 18, 2022 for installation on all domain controllers in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.

To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. 

Cumulative updates:

• ​Windows Server 2022: KB5021656

• ​Windows Server 2019: KB5021655

• ​Windows Server 2016: KB5021654

Standalone Updates:

• ​Windows Server 2012 R2: KB5021653

• ​Windows Server 2012: KB5021652

• ​Windows Server 2008 R2 SP1: KB5021651 (released November 18, 2022)

• ​Windows Server 2008 SP2: KB5021657

If you have verified the configuration of your environment and you are still encountering issues with any non-Microsoft implementation of Kerberos, you will need updates or support from the developer or manufacturer of the app or device.

This known issue can be mitigated by doing one of the following:

• Set msds-SupportedEncryptionTypes with bitwise or set it to the current default 0x27 to preserve its current value. For example:

  • Msds-SuportedEncryptionTypes -bor 0x27

• Set msds-SupportEncryptionTypes to 0 to let domain controllers use the default value of 0x27.

Next steps We are working on a resolution and will provide an update in an upcoming release.

Advanced Encryption Standard (AES) is a block cipher that supersedes the Data Encryption Standard (DES). AES can be used to protect electronic data. The AES algorithm can be used to encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintext. AES is used in symmetric-key cryptography, meaning that the same key is used for the encryption and decryption operations. It is also a block cipher, meaning that it operates on fixed-size blocks of plaintext and ciphertext, and requires the size of the plaintext as well as the ciphertext to be an exact multiple of this block size. AES is also known as the Rijndael symmetric encryption algorithm [FIPS197].

Kerberos is a computer network authentication protocol which works based on “tickets” to allow for nodes communicating over a network to prove their identity to one another in a secure manner.

The Kerberos service that implements the authentication and ticket granting services specified in the Kerberos protocol. The service runs on computers selected by the administrator of the realm or domain; it is not present on every machine on the network. It must have access to an account database for the realm that it serves. KDCs are integrated into the domain controller role. It is a network service that supplies tickets to clients for use in authenticating to services.

RC4-HMAC (RC4) is a variable key-length symmetric encryption algorithm. For more information, see [SCHNEIER] section 17.1.

A relatively short-lived symmetric key (a cryptographic key negotiated by the client and the server based on a shared secret). A session keys lifespan is bounded by the session to which it is associated. A session key has to be strong enough to withstand cryptanalysis for the lifespan of the session.

A special type of ticket that can be used to obtain other tickets. The Ticket-granting Ticket (TGT) is obtained after the initial authentication in the Authentication Service (AS) exchange; thereafter, users do not need to present their credentials, but can use the TGT to obtain subsequent tickets.