Windows Kerberos security hole – the “Orpheus’ Lyre” attack explained
Orpheus' Lyre (OL) is a security hole in a venerable network authentication system called Kerberos, probably best known because it is widely used by Windows for logon and access control.
The Kerberos concept is much like the way train tickets work: the platform barriers that open to let you get on your train don’t need to be able to accept payments, issue tickets, give change, or help you select from the options available for your chosen journey; instead, they just need to know how to validate the ticket you already bought at a ticket machine or the ticket office.
According to the researchers who found the OL hole, this bug means that an attacker on your network could modify an official Kerberos reply in order to lure an unpatched client computer to an imposter server. To continue our train analogy, crooks could undetectably adjust Kerberos tickets to persuade client computers to travel trustingly all the way to EDINBURGH instead of getting off at EALING BROADWAY as originally intended.
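A toy model of the check at stake, added here as an illustration and not taken from the researchers or from any Kerberos implementation: a Kerberos reply names the target service both in the ticket's unencrypted header and inside the part protected by a key the client shares with the KDC, and a safe client trusts only the protected copy. The field names, service names and key are constructed for the example, and an HMAC stands in for Kerberos encryption.

```python
import hashlib
import hmac
import json

REPLY_KEY = b"constructed-demo-key"  # stands in for the key shared by client and KDC


def seal(fields, key=REPLY_KEY):
    """Model the protected part of a reply: the fields plus a MAC over them."""
    body = json.dumps(fields, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).digest()}


def unseal(part, key=REPLY_KEY):
    """Return the protected fields; raise if they were altered."""
    expected = hmac.new(key, part["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, part["mac"]):
        raise ValueError("protected part failed its integrity check")
    return json.loads(part["body"])


def make_reply(plain_sname, protected_sname):
    """Constructed KDC reply carrying the service name in both places."""
    return {"ticket_plain": {"sname": plain_sname},
            "enc_part": seal({"sname": protected_sname})}


def unpatched_accepts(reply, requested):
    """Flawed check: compares the request with the unprotected copy only."""
    return reply["ticket_plain"]["sname"] == requested


def patched_accepts(reply, requested):
    """Hardened check: trusts only the integrity-protected copy."""
    try:
        return unseal(reply["enc_part"])["sname"] == requested
    except ValueError:
        return False


def demo():
    wanted = "host/ealing-broadway"
    honest = make_reply(wanted, wanted)
    # Modified reply: the label matches the request, the protected copy does not.
    modified = make_reply(wanted, "host/edinburgh")
    return {name: (unpatched_accepts(r, wanted), patched_accepts(r, wanted))
            for name, r in (("honest", honest), ("modified", modified))}


if __name__ == "__main__":
    print(demo())
```

Both checks accept the honest reply; only the flawed check accepts the reply whose two copies of the service name disagree.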
The Windows implementation of Kerberos used to be vulnerable, but was fixed in Microsoft’s July 2017 security update under the designation CVE-2017-8495, so make sure you’ve installed the latest Windows patches. Also, numerous open source implementations, such as those in various Linux distributions, in the Samba networking software, and in FreeBSD, have been patched, so apply updates to affected open source Kerberos components as soon as you can.