Kerberos tickets issued before the exploit will still work, but new ones will be encrypted by AD with the "new" (empty) secret, shown in blue. The server can't decrypt those and throws an error. No more Kerberos logins. pic.twitter.com/PKzeyhoLQQ

— Dirk-jan (@_dirkjan) September 16, 2020