CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy
ID: 54afc5c4-0cc3-579e-aaf7-85cd0fcc8ef5
STIX ID: report--54afc5c4-0cc3-579e-aaf7-85cd0fcc8ef5
Feed Name: Zero Day Initiative (ZDI) Blog
This report analyzes an ASN.1 integer-overflow and heap-buffer-overflow vulnerability in Microsoft's KDC Proxy (KPSSVC) that allows a remote, unauthenticated attacker to achieve arbitrary code execution by sending specially crafted Kerberos responses with oversized length prefixes. It provides exploitation details and detection guidance (inspect the 4-byte length prefixes on TCP port 88), notes the vendor patch (CVE-2024-43639, November patch), and states that the issue affects only systems using KDC Proxy and that no in-the-wild attacks have been observed.
