⚠ Actively exploited
Added to CISA KEV on 2022-08-18. Federal agencies required to patch by 2022-09-08. Required action: Apply updates per vendor instructions.

CVE-2022-26923

Severity: 8.8 HIGH
EPSS: 91.4% (top 0.33%)
CISA KEV: Added 2022-08-18, due 2022-09-08
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: May 10
KEV added: Aug 18
KEV due: Sep 8
Latest update: Jan 23

Description

Active Directory Domain Services Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (26 packages)

NVD: microsoft/windows < 10.0.14393.5850 (+3)
CVEListV5: microsoft/windows_8.1 6.3.0 6.3.9600.20371
NVD: microsoft/windows_10_1507 < 10.0.10240.19297
NVD: microsoft/windows_10_1607 < 10.0.14393.5850
NVD: microsoft/windows_10_1809 < 10.0.17763.4252

Patches

🔴Vulnerability Details

3
GHSA
GHSA-j9xf-76vv-4wcg: Active Directory Domain Services Elevation of Privilege Vulnerability (2022-05-11)
CVEList
Active Directory Domain Services Elevation of Privilege Vulnerability (2022-05-10)
VulnCheck
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability (2022)

🔍Detection Rules

2
Sigma
Certificate Use With No Strong Mapping
Elastic
Remote Computer Account DnsHostName Update

📋Vendor Advisories

2
CISA
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability (2022-08-18)
Microsoft
Active Directory Domain Services Elevation of Privilege Vulnerability (2022-05-10)

🕵️Threat Intelligence

3
Sentinelone
CVE-2022-26923 | What is it and How to Mitigate? (2023-01-23)
Sentinelone
CVE-2022-26923 | What is it and How to Mitigate? (2023-01-23)
Unit42
Threat Brief: Microsoft Critical Vulnerabilities (CVE-2022-26809, CVE-2022-26923, CVE-2022-26925) (2022-07-27)
CVE-2022-26923 (HIGH CVSS 8.8) | Active Directory Domain Services El | cvebase.io