Microsoft Windows LSA Spoofing Vulnerability

Vulnerability Name

Microsoft Windows LSA Spoofing Vulnerability

Description

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].

Additional Notes

WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.

https://nvd.nist.gov/vuln/detail/CVE-2022-26925