FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
Mitigation
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:
A system is vulnerable only if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. Note that they would not necessarily need to be on the same server.
FAQ
How could an attacker exploit this vulnerability? A malicious DCOM client could coerce a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS), and use the credential to launch a cross-protocol attack.
Mitigation
The following mitigating factors might be helpful in your situation:
Setting LegacyAuthenticationLevel to 5 (RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) might protect most processes on the machine against this attack. Note that COM does not currently have a notion of a minimum authentication level for calls that are authenticated at all: for example, it is not possible to accept calls at RPC_C_AUTHN_LEVEL_NONE or at RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and above while rejecting the levels in between (a server-side concern, but mentioned for completeness because it limits configuration-based options), nor is there a way to set the client-side authentication level for a process independently of the server-side authentication level. See LegacyAuthenticationLevel for more information about this value. For information on how to set the applicable system-wide registry value, see the Setting System-Wide Default Authentication Level section of Setting System-Wide Security Using DCOMCNFG.
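An audit-and-remediation script for the registry value discussed above, added here as an example and not part of the advisory. It assumes the documented location of the value, HKLM\SOFTWARE\Microsoft\Ole (the advisory points to the docs rather than naming the key), and treats an absent value as the documented default of RPC_C_AUTHN_LEVEL_CONNECT.

```powershell
# Added example (not from the advisory): audit and, if needed, raise the
# system-wide DCOM LegacyAuthenticationLevel to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY.
# Assumption: the value lives at the documented location HKLM:\SOFTWARE\Microsoft\Ole.

$OlePath   = 'HKLM:\SOFTWARE\Microsoft\Ole'
$ValueName = 'LegacyAuthenticationLevel'
$Target    = 5   # RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

# RPC_C_AUTHN_LEVEL_* constants, used for readable reporting.
$LevelNames = @{
    0 = 'RPC_C_AUTHN_LEVEL_DEFAULT'
    1 = 'RPC_C_AUTHN_LEVEL_NONE'
    2 = 'RPC_C_AUTHN_LEVEL_CONNECT'
    3 = 'RPC_C_AUTHN_LEVEL_CALL'
    4 = 'RPC_C_AUTHN_LEVEL_PKT'
    5 = 'RPC_C_AUTHN_LEVEL_PKT_INTEGRITY'
    6 = 'RPC_C_AUTHN_LEVEL_PKT_PRIVACY'
}

function Get-DcomLegacyAuthLevel {
    # Returns $null when the value is absent; COM then uses its documented
    # default, RPC_C_AUTHN_LEVEL_CONNECT, which is below the target.
    $item = Get-ItemProperty -Path $OlePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-DcomLegacyAuthLevel {
    $current = Get-DcomLegacyAuthLevel
    $name = if ($null -eq $current) { 'not set (default CONNECT applies)' } else { $LevelNames[$current] }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Current   = $current
        LevelName = $name
        # Packet integrity is only guaranteed at PKT_INTEGRITY (5) or higher.
        Compliant = ($null -ne $current -and $current -ge $Target)
    }
}

function Set-DcomLegacyAuthLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Level = $Target)
    if (-not (Test-Path $OlePath)) { New-Item -Path $OlePath -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess("$OlePath\$ValueName", "Set to $Level ($($LevelNames[$Level]))")) {
        Set-ItemProperty -Path $OlePath -Name $ValueName -Value $Level -Type DWord
    }
}

# Usage: audit first, then remediate from an elevated prompt (-WhatIf previews the change).
$state = Test-DcomLegacyAuthLevel
$state | Format-List
if (-not $state.Compliant) { Set-DcomLegacyAuthLevel -WhatIf }
```

Drop the -WhatIf once the preview looks right; the change applies to processes that do not call CoInitializeSecurity themselves, which is why the advisory says "most processes" rather than all.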