CVE-2022-26923
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CVSS
—
Sin CVSS
EPSS
83.3%
p100
KEV
SÍ
18 ago 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Active Directory
Vulnerabilidad
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Añadido a KEV
18 ago 2022
Remediar antes de
8 sept 2022
Uso conocido en ransomware
No
Descripción resumida
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Acción requerida
Apply updates per vendor instructions.
Notas
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923