CNNVD-202601-2126 Information
CNNVD ID
CNNVD-202601-2126
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Microsoft Windows Kerberos是美国微软(Microsoft)公司的一个用于在网络集群中进行身份验证的软件。Kerberos 同时作为一种网络认证协议,其设计目标是通过密钥系统为客户机/服务器应用程序提供强大的认证服务。 Microsoft Windows Kerberos存在安全漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)。
Description (English)
Microsoft Windows Kerberos is a software used by Microsoft USA for authentication in network clusters. Kerberos is also serving as a web authentication protocol designed to provide a robust authentication service for client/server applications through a key system. Microsoft Windows Kerberos has a security gap. The attackers use this loophole to enhance their authority. The following products and versions are affected: Wows Service 2012, Wows Service Service Service Service, Wow Service Service Service Service Service, Wow Service Service Service Service Service, Wow Service Service Service Service Service, Wow Service Service for Service Service, Wow Service Service for Service Service Service, Wow Service Service for Service Service, Wow Service Service Service for Service Service Service, Wows Service for Service Service Service, Wow Service Service Service for Service Service Offices for Service Service Service Offices for Service Service Service Offices for Service Service Service Service Offices for Service Service Service Service Offices for Service Service Service Offices for Service Service Service Service Offices for Service Service Offices for Service Service Offices for Service Service Service Offices for Service Offices for Service Service Offices for Service Offices for Service Service Service and Service Service Services for Service Services for Service Services, Wow Service Service Service Offices for Service Offices for Service Service Service Service Service Service for Service Services and Services for Service Service Service Services for Service Services, and Meetings Service Service Service Offices for Service Services for Service Service Services for Headquarters and Services for Service Service Service Services for Meeting Meeting Meeting Services for Meeting Meeting Meeting Meeting Meeting Meeting Services, and Meeting Meeting Meeting Meeting
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
微软
Published
2026-01-13
Last Modified
2026-02-24
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20849
Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20849
Share on: