logo

CVE-2022-26923 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

CVE-2022-26923

Microsoft | Active Directory

  • Date Added:
  • 2022-08-18
  • Due Date:
  • 2022-09-08
Vulnerability Name

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Description

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923

Free security scan for your website