CVE-2022-26923 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Vulnerability Name

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Description

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923

https://nvd.nist.gov/vuln/detail/CVE-2022-26923