CVE-2017-8495
N/A
N/A
Summary
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft Corporation | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016. | Microsoft Windows | affected |
Weaknesses
- Security Feature Bypass
ADP Enrichment
CVE Program Container
Additional References
- https://www.orpheus-lyre.info/
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495
- http://www.securityfocus.com/bid/99424
- http://www.securitytracker.com/id/1038862
References
- https://www.orpheus-lyre.info/
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495
- http://www.securityfocus.com/bid/99424
- http://www.securitytracker.com/id/1038862
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.