CVE-2022-26925
Microsoft Windows LSA Spoofing Vulnerability
CVSS
—
No CVSS
EPSS
10.5%
p95
KEV
YES
Jul 1, 2022
Exploit Today
79
0-100
Published: — · Last modified: —
Product
Microsoft / Windows
Vulnerability
Microsoft Windows LSA Spoofing Vulnerability
Added to KEV
Jul 1, 2022
Remediate by
Jul 22, 2022
Known ransomware use
No
Summary description
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
Required action
Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
Notes
WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.; https://nvd.nist.gov/vuln/detail/CVE-2022-26925