ZDNet: Proof-of-concept exploit code published for new Kerberos Bronze Bit attack
On December 10, NetSPI Security Consultant Jake Karnes was featured in ZDNet:
Proof-of-concept exploit code has been published this week for a new attack technique that can bypass the Kerberos authentication protocol in Windows environments and let intruders access sensitive network-connected services.
The bug is named the Bronze Bit attack, or CVE-2020-17049, and patching it has already caused quite the issue for Microsoft.
The OS maker delivered an initial fix for Bronze Bit attacks in the November 2020 Patch Tuesday, but the patch caused authentication issues for Microsoft’s customers, and a new update had to be deployed this month to fix the previous issues.
On Wednesday, a day after Microsoft delivered the final patches, Jake Karnes, a security engineer at NetSPI, published a technical breakdown of the vulnerability so network defenders can understand how they are vulnerable and why they need to update, despite the patching process’ rocky start.
Read the full article here: https://www.zdnet.com/article/proof-of-concept-exploit-code-published-for-new-kerberos-bronze-bit-attack/