Cybersecurity Alerts

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-295

References

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923
• https://nvd.nist.gov/vuln/detail/CVE-2022-26923