SOC Advisory: Microsoft Windows Kerberos Vulnerability – 20 Jan 2026

Overview

• CVE: CVE-2026-20833
• Severity: Medium
• Date: 20 Jan 2026

Summary

Microsoft has issued advisories for a weakness in legacy encryption used by Windows Domain Controllers that can allow an authenticated local user to obtain hashed credentials with weak protection. The issue underpins attack techniques such as Kerberoasting, and organisations should prioritise remediation. Microsoft plans to enforce updated cryptographic defaults in mid-2026.

Affected Versions

• Windows Server 2016, 2019, 2022, 2025
• Windows Server 2012 R2 (ESU)

Vulnerability Breakdown

CVE-2026-20833 – Windows Kerberos Vulnerability

• • Severity: Medium
  • CVSS: 5.5
  • Description: Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorised attacker to disclose information locally.
  • Impact: Offline brute forcing of credential hashes with weak encryption, potentially leading to credential compromise.
  • Conditions: Local authenticated access required.
  • Notes: Microsoft is phasing out RC4 usage. The January 2026 update is the initial deployment phase.

Mitigation

• Install the Windows update released on or after January 13, 2026.
• On Domain Controllers, disable legacy weak Kerberos encryption types where possible.
• Monitor for event logs related to RC4 usage to prepare for the July 2026 enforcement phase.

Summary for IT Teams

• Products: Microsoft Windows Server (Domain Controllers)
• Threat Level: Medium (CVSS 5.5)
• Action Required:
  • Review Domain Controllers for use of weak Kerberos encryption types.
  • Apply MS advisory configuration guidance to disable legacy ciphers.
  • Prepare for enforced stronger cryptographic defaults in mid-2026.

Reference

• CVE 2026-20833
• Neowin News Post

Need Help?

If your organisation needs assistance assessing or patching your environment, the Secure ISS SOC team is ready to help. Please get in touch on 1300 769 460 or email us.