Well, Ain't that dandy!
"'Devastating' flaw found in Windows' authentication system"
"The krbtgt user is created when the system is first installed and is inactive, so it can remain untouched on a system for years – providing ready access to a hacker."
Opening of final paragraph:
"Dfirblog notes: "Mitigation of most of these attacks is not possible, as this is simply how Kerberos works in the Windows environment"
Ouch! So it works on Windows by automatically installing a backdoor? Who insisted on that feature, I wonder?