MSRC compact vulnerability detail

CVE-2022-26923 · Active Directory Domain Services Elevation of Privilege Vulnerability

No description was published by MSRC.

Severity
Critical
Impact
Elevation of Privilege
CVSS
8.8 base · 7.7 temporal
Release
2022-05-10
Signals
Windows Active Directory Elevation of Privilege · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation More Likely
CWE
No CWE data published.
FAQ / Articles
FAQ
How could an attacker exploit this vulnerability?
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.
Mitigation
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.
The following mitigating factors might be helpful in your situation:
A system is vulnerable only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. Note that they would not necessarily need to be on the same server.
FAQ
Where can I find out more information about this vulnerability?
Please see "Certificate-based authentication changes on Windows domain controllers" for more information and ways to protect yourself.