CVE-2022-21920: 
vulnerability analysis and mitigation

CVE-2022-21920 is a Windows Kerberos Elevation of Privilege Vulnerability that was disclosed on January 11, 2022. The vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and various Windows Server versions. This security issue involves improved logic to detect downgrade attacks for 3-part Service Principal Names (SPNs) when using the Microsoft Negotiate authentication protocol (Microsoft Support, NVD).

The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability. Under CVSS v2.0, it scored 9.0 (HIGH) with the vector (AV:N/AC:L/Au:S/C:C/I:C/A:C) (NVD).

The vulnerability can lead to authentication failures for 3-part SPNs where Kerberos authentication is not successful. This particularly affects environments where Kerberos authentication for 3-part SPNs has not been working for some time. The system may detect and block downgrade attempts when contacting 3-part SPNs, potentially impacting service accessibility (Microsoft Support).

Microsoft released security updates on January 11, 2022, to address this vulnerability. Organizations should verify Kerberos authentication for 3-part SPNs and ensure proper SPN configuration. Common mitigation steps include correcting malformed SPNs, registering missing SPNs to correct service accounts, and ensuring proper DNS resolution for domain controllers (Microsoft Support).