CVE-2021-42287 - Active Directory Domain Services Elevation of Privilege Vulnerability
Microsoft has released security updates to address a security bypass vulnerability that affects the Kerberos Privilege Attribute Certificate (PAC) and allows potential attackers to impersonate domain controllers. The vulnerability is identified as CVE-2021-42287.
While this does not affect the LoadMaster directly, it can impact, and has been observed to impact, any LoadMaster that is currently using our Edge Security Pack (ESP) together with Kerberos Constrained Delegation (KCD).
Authentication will fail, so users will not be able to access the servers through the LoadMaster if using ESP with KCD server-side authentication.
What Progress - Kemp is doing to address the situation
This is related to the Microsoft patch. Microsoft has since fixed their patch.
Reference: Authentication might fail on DCs with certain Kerberos delegation scenarios.
Microsoft is aware of the situation and is addressing the issue outlined in this link.