Windows Kerberos Security Feature Bypass Vulnerability

CVSS 6.5 | CVE-2026-24297 | Mar 10, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A race condition in Windows Kerberos authentication allows an attacker on the network to bypass security feature checks. The vulnerability exists in Kerberos' handling of concurrent authentication requests, where improper synchronization of shared resources permits an attacker to skip security validation steps. This affects Windows 10 (versions 1607, 1809, 21H2, 22H2) and Windows Server 2016/2019 across all architectures.

What this means
What could happen
An attacker on your network could bypass Kerberos security checks on affected Windows systems, potentially gaining access to domain resources without proper credential validation.
Who's at risk
Organizations running Windows 10 or Windows Server 2016/2019 on engineering workstations, HMI servers, or any domain-connected Windows systems. This affects IT infrastructure that may support OT systems through shared domain authentication.
How it could be exploited
An attacker on your network exploits a race condition in Windows Kerberos by sending specially timed, concurrent authentication requests. Because shared state is not properly synchronized between those requests, a security validation step can be skipped, giving the attacker access to domain-authenticated resources without presenting valid credentials.
Prerequisites
  • Network access to affected Windows systems
  • Ability to send Kerberos authentication traffic to domain controllers or clients
Remotely exploitable | No authentication required | Low complexity attack | Affects authentication mechanism used by OT-connected systems
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (14)
14 with fix (listing shows 8 of the 14)

Product | Affected Versions | Fix Status
Windows 10 Version 1809 for 32-bit Systems | All versions | Build 10.0.17763.8511
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8511
Windows Server 2019 | All versions | Build 10.0.17763.8511
Windows Server 2019 (Server Core installation) | All versions | Build 10.0.17763.8511
Windows 10 Version 21H2 for 32-bit Systems | All versions | Build 10.0.19044.7058
Windows 10 Version 22H2 for 32-bit Systems | All versions | Build 10.0.19045.7058
Windows 10 Version 1607 for 32-bit Systems | All versions | Build 10.0.14393.8957
Windows 10 Version 1607 for x64-based Systems | All versions | Build 10.0.14393.8957
Remediation & Mitigation
Schedule: requires a maintenance window. Patching may require a device reboot; plan for process interruption.

HOTFIX: Apply the March 2026 Windows security update to all Windows 10 and Windows Server systems in your environment. Confirm each host is at or above the fixed build for its version from the affected-products table: the "OS Build" shown by winver, which is CurrentBuildNumber plus the UBR value under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
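As an added example (not part of the advisory or Microsoft's tooling), the following PowerShell compares a host's installed build against the fix builds from the affected-products table above. The function names are the editor's own, the host names in the usage line are placeholders, and remote checks assume WinRM is reachable with an account that is a local administrator on the target.

```powershell
# Added example, not from the advisory. Checks whether a host is at or above the
# fixed build for CVE-2026-24297 by reading the same values winver shows.
# Function names are the editor's own; host names below are placeholders.

# Minimum UBR (the last component of "10.0.<build>.<UBR>") per base build,
# taken from the advisory's Fix Status column.
#   14393 = Windows 10 1607 / Windows Server 2016
#   17763 = Windows 10 1809 / Windows Server 2019
#   19044 = Windows 10 21H2
#   19045 = Windows 10 22H2
$FixedUbr = @{
    14393 = 8957
    17763 = 8511
    19044 = 7058
    19045 = 7058
}

function Get-OsBuild {
    # Reads the base build and UBR that make up the "OS Build" shown by winver.
    # Remote hosts are read over WinRM (assumption: WinRM enabled, admin rights).
    param([string]$ComputerName = $env:COMPUTERNAME)
    $read = {
        $k = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            ProductName  = $k.ProductName
            Build        = [int]$k.CurrentBuildNumber
            Ubr          = [int]$k.UBR
        }
    }
    if ($ComputerName -ieq $env:COMPUTERNAME) { & $read }
    else { Invoke-Command -ComputerName $ComputerName -ScriptBlock $read -ErrorAction Stop }
}

function Test-Cve202624297Fixed {
    # Returns one object per host with Status = Patched, Vulnerable, NotListed
    # (base build absent from the advisory's table) or an error message.
    param([string]$ComputerName = $env:COMPUTERNAME)
    try {
        $os = Get-OsBuild -ComputerName $ComputerName
    } catch {
        return [pscustomobject]@{
            ComputerName = $ComputerName; ProductName = $null; Build = $null
            RequiredBuild = $null; Status = "Error: $($_.Exception.Message)"
        }
    }
    $required = $FixedUbr[$os.Build]
    $status = 'NotListed'
    if ($null -ne $required) {
        $status = if ($os.Ubr -ge $required) { 'Patched' } else { 'Vulnerable' }
    }
    [pscustomobject]@{
        ComputerName  = $os.ComputerName
        ProductName   = $os.ProductName
        Build         = "10.0.$($os.Build).$($os.Ubr)"
        RequiredBuild = if ($null -ne $required) { "10.0.$($os.Build).$required" } else { $null }
        Status        = $status
    }
}

# Usage: check this host, then a set of domain members (placeholder names).
Test-Cve202624297Fixed
'DC01', 'ENG-WS01', 'HMI-SRV01' |
    ForEach-Object { Test-Cve202624297Fixed -ComputerName $_ } |
    Format-Table ComputerName, Build, RequiredBuild, Status -AutoSize
```

For a domain-wide sweep, feed the pipeline from the ActiveDirectory module (`Get-ADComputer -Filter * | Select-Object -ExpandProperty Name`). A NotListed result means the host's base build is not one of the four builds in the table, not that it is safe; treat it as a prompt to check the full 14-entry list and the summary's statement that all architectures of the named versions are affected.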