This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3105256.