Well-understood limitation of Microsoft Kerberos?
"Redmond has since pointed out the attack was a well-understood limitation of Kerberos and referred punters to documentation about how to prevent the attack"
ref: That would be Microsoft Kerberos, the one that's incompatible with MIT Kerberos.
ref: 'We consider the fact that attackers can change the victim’s password by only knowing the NTLM hash to be a flaw. If this flaw is by design, this simply makes it a “by-design” flaw.'