jaegrqualm | 2 years ago

TFA seems to only mention errors where the time is set to the future, which would probably indicate that Microsoft at least thought of this. Their responses seem to indicate that they also don't think that it's a security issue, which means they likely don't know of any _explicit_ way to exploit this.

It seems to me that it could still be used to bring down a Windows server right around the time that you wanted to, which is still a potentially serious security concern.

gerdesj | 2 years ago

At the very least you can screw with Kerberos which requires a default of something like five mins time sync. That's a denial of service. Keep it up for long enough and the device will fall off AD as well.