CVE-2022-26923
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CVSS
—
No CVSS
EPSS
83.3%
p100
KEV
YES
Aug 18, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Microsoft / Active Directory
Vulnerability
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Added to KEV
Aug 18, 2022
Remediate by
Sep 8, 2022
Known ransomware use
No
Summary description
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Required action
Apply updates per vendor instructions.
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923