Security researcher @dfirblog has discovered what he calls a devastating flaw in Windows' Kerberos authentication system.
The flaw cannot be fixed and the only solution is to introduce and use Microsoft's Credential Guard program to prevent passwords from being stored in memory, according to his extensive blog post.
The flaw results from how the third-party authentication system creates secret keys: by using the password associated with a disabled username (krbtgt). That password is rarely changed, making it possible to bypass the authentication system altogether and allow an attacker to grant themselves admin privileges, as well as create secret passwords for existing users and new users that don't exist.
Updated to add
A Microsoft spokesperson has told us in response to the security blunder: "We are aware of the Golden Ticket and Pass-the-Hash techniques and encourage customers to follow our guidance at www.microsoft.com/pth to help protect themselves. It is important to be aware that only organizations that already have a fully compromised domain controller are vulnerable to this technique."
"...only organizations that already have a fully compromised domain controller are vulnerable to this technique."
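The post names two things a defender can actually act on: the age of the krbtgt password (L4) and whether Credential Guard is keeping credentials out of LSASS memory (L3). The following PowerShell is an added example written for this thread; it is not code from the article, the quoted researcher, or Microsoft. It assumes the ActiveDirectory RSAT module is installed, that the caller has read access to the domain, and that 180 days is an acceptable staleness threshold (an assumption, not a Microsoft figure). The `Win32_DeviceGuard` CIM class and its `SecurityServicesRunning` values are real Windows interfaces; everything else (function names, the threshold) is made up for the example.

```powershell
# Added example for the thread above (not the article's or Microsoft's code).
# Two defender-side checks that follow from the post:
#   1. how old the krbtgt password is (a stale one is what makes forged TGTs durable)
#   2. whether Credential Guard is actually running on this host
# Assumes: ActiveDirectory RSAT module present, domain read access, and an
# assumed 180-day staleness threshold.

function Get-KrbtgtPasswordAge {
    param(
        # Days after which the krbtgt password is flagged as stale (assumed threshold)
        [int]$MaxAgeDays = 180
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # PasswordLastSet is derived from the pwdLastSet attribute on the account.
    $krbtgt = Get-ADUser -Identity 'krbtgt' -Properties PasswordLastSet
    $age = (Get-Date) - $krbtgt.PasswordLastSet

    [pscustomobject]@{
        Account         = $krbtgt.SamAccountName
        PasswordLastSet = $krbtgt.PasswordLastSet
        AgeDays         = [math]::Round($age.TotalDays, 1)
        Stale           = ($age.TotalDays -gt $MaxAgeDays)
    }
}

function Get-CredentialGuardState {
    # Win32_DeviceGuard lists virtualization-based security services that are
    # configured and running; the value 1 denotes Credential Guard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning    -contains 1)
    }
}

# Usage: run on a domain-joined admin workstation.
Get-KrbtgtPasswordAge   | Format-List
Get-CredentialGuardState | Format-List
```

A stale result from the first check is the condition the post describes; note that the KDC also accepts tickets issued under the previous krbtgt password, so a single rotation does not invalidate existing forged tickets, which is why the usual practice is to rotate it twice with a replication interval between the two resets. The second check tells you whether the mitigation the post recommends is actually in effect on the host you ran it from, not merely configured by policy.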