Microsoft has released an update for Windows that includes a fix for a vulnerability which could allow attackers to bypass security checks and misuse a refreshable token. The vulnerability affects Primary Refresh Tokens and is caused by Microsoft’s implementation of how the token is refreshed while it is in use.
KB5004237 addresses a vulnerability that occurs when a Primary Refresh Token is used with an Outlook Web Access server. The flaw allows an attacker to authenticate to an Outlook Web Access server with the privileges of the user running the Outlook Web Access service.
By Alexander Polobok, editor
- Microsoft takes security seriously and works to close security holes.
- KB5004237 was released to fix a major security vulnerability in Windows 10.
- The issue concerns weak encryption of Primary Refresh Tokens and the consequences this may have.
- This means that an administrator with access to a vulnerable system can extract the token and potentially decrypt it for reuse until the token expires or is updated.
We all know that the Redmond-based tech giant has been plagued lately with security vulnerabilities exploited by unfriendly third parties in the wild.
The most recent and best known of these is the Print Nightmare vulnerability, which Microsoft has already fixed, but of course there are others.
With the patch released Tuesday, the technology company also closed another major vulnerability related to Microsoft’s Azure.
Primary refresh tokens were not correctly encrypted
Before we get to the heart of the matter, you should know that this problem only affects the 2004 version of Windows 10.
To refresh your memory on what Primary Refresh Tokens (PRTs) are: they are a key artifact of Azure AD authentication on Windows 10, Windows Server 2016 and later, and on iOS and Android devices.
A PRT is a JSON Web Token (JWT) that Microsoft issues specifically to third-party token brokers to enable single sign-on (SSO) in applications used on these devices.
Microsoft has just released KB5004237 as part of the July 20, 2021 Patch Tuesday, which it says fixes a vulnerability in which these tokens were insufficiently encrypted.
This vulnerability affects primary refresh tokens, which are typically stored in TPM security chips, which, as you may recall, are a requirement for the upcoming operating system, Windows 11.
These tokens are typically used for SSO of Azure AD accounts and are not sufficiently encrypted, meaning that an administrator with access to a vulnerable system can extract the token and potentially decrypt it for reuse until it expires or is updated.
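For administrators who want to confirm where they stand, the following PowerShell snippet is an added example (not from the article or from Microsoft) that checks whether a Windows 10 host is on version 2004, whether KB5004237 is present, and whether the device holds an Azure AD PRT protected by the TPM. It assumes the affected release is 2004 (build 19041) as stated above, that KB5004237 raises the update build revision (UBR) to 1110 (taken from Microsoft's release notes and treated as an assumption here), and that the "AzureAdPrt" and "TpmProtected" fields in the output of dsregcmd /status are the ones to read.

```powershell
# Added example, not part of the article. Run in an elevated PowerShell session
# on the Windows 10 host you want to assess.

# Pull one named "Name : Value" field out of dsregcmd /status output.
function Get-DsregField($lines, $name) {
    $m = $lines | Select-String "^\s*$name\s*:\s*(\S+)" | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value } else { 'UNKNOWN' }
}

function Get-PrtPatchState {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # 2004 exposes ReleaseId; DisplayVersion only exists from 20H2 onward.
    $release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
    $build   = [int]$cv.CurrentBuildNumber
    $ubr     = [int]$cv.UBR

    # Scope: the article limits the issue to Windows 10 version 2004 (build 19041).
    $inScope = ($release -eq '2004') -or ($build -eq 19041)

    # Patch check: Get-HotFix lists installed updates by KB id. Later cumulative
    # updates supersede KB5004237, so also accept UBR >= 1110 on build 19041
    # (assumption: 1110 is the revision KB5004237 ships, per Microsoft's notes).
    $kbListed = [bool](Get-HotFix -Id 'KB5004237' -ErrorAction SilentlyContinue)
    $patched  = $kbListed -or ($build -eq 19041 -and $ubr -ge 1110)

    # dsregcmd /status reports whether an Azure AD PRT is present on the device
    # and whether the device keys are TPM-protected (YES/NO in both cases).
    $status = dsregcmd /status 2>$null

    [pscustomobject]@{
        Release      = $release
        Build        = "$build.$ubr"
        InScope      = $inScope
        KB5004237    = $patched
        AzureAdPrt   = Get-DsregField $status 'AzureAdPrt'
        TpmProtected = Get-DsregField $status 'TpmProtected'
        Action       = if ($inScope -and -not $patched) { 'Install KB5004237' } else { 'None' }
    }
}

Get-PrtPatchState | Format-List
```

A host that reports InScope True, KB5004237 False and AzureAdPrt YES is the combination the article describes, where a local administrator could extract the token; install the update there first.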
An excellent and somewhat expected move by Microsoft, given the damage such an exploit could do to millions of users if the information simply fell into the wrong hands.
It’s good to know that while the Redmond-based tech giant continues to work hard to improve its flagship applications and develop new operating systems, it still makes time to fix major security vulnerabilities.
After all, security is the biggest concern in this fast-growing online world, following the numerous cyber-attacks in recent months.
Were you aware of this exploitation? If so, do you know of any other security risks that Microsoft users face? Let us know your comments in the section below.