CVE-2022-26923 Report - Details, Severity, & Advisories

Twingate Team

Jan 11, 2024

CVE-2022-26923 is a security vulnerability affecting Active Directory Domain Services, which could lead to an elevation of privilege for attackers. This vulnerability has a moderate severity level, and it impacts systems running both Active Directory Certificate Services and Active Directory Domain Services roles. Although not publicly disclosed or exploited at the time of original publication, exploitation is considered more likely. To protect your systems, it's essential to stay informed and apply necessary security updates.

How do I know if I'm affected?

You are affected if both the Active Directory Certificate Services role and the Active Directory Domain Services role are installed on a server in the network. An attacker could exploit this vulnerability by manipulating attributes on computer accounts they own or manage and acquiring a certificate to elevate privileges to System. Note that this vulnerability specifically impacts Microsoft Windows and Windows Server, and no Apple product versions are mentioned as being affected.

What should I do if I'm affected?

If you're affected by the vulnerability, follow these simple steps: First, ensure that the Active Directory Certificate Services role and the Active Directory Domain Services role are not installed on the same server in your network. Next, apply the security updates provided by Microsoft for your specific product and platform.
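The role check and the two remediation steps described above can be run as an inventory. This is an added example, not code from Microsoft or from the original page. It assumes the ServerManager module (Windows Server or RSAT) and remote management access, and the host names are constructed samples.

```powershell
# Added example, not vendor code. Assumes the ServerManager module
# (Windows Server or RSAT) and remote management access to each host.
# Host names are constructed samples; replace with your own inventory.
$Servers = @('dc01.example.test', 'ca01.example.test')

# Windows feature names for the two roles named in the advisory.
$AddsFeature = 'AD-Domain-Services'
$AdcsFeature = 'AD-Certificate'

$report = foreach ($server in $Servers) {
    $row = [ordered]@{
        Server = $server; ADDS = $null; ADCS = $null
        BothOnHost = $null; LastHotFix = $null; Error = $null
    }
    try {
        $features = Get-WindowsFeature -Name $AddsFeature, $AdcsFeature `
            -ComputerName $server -ErrorAction Stop
        $installed = @($features | Where-Object Installed | ForEach-Object Name)
        $row.ADDS = $installed -contains $AddsFeature
        $row.ADCS = $installed -contains $AdcsFeature
        $row.BothOnHost = $row.ADDS -and $row.ADCS

        # Most recent update install date: a hint for patch review only.
        # Compare against the Microsoft update for your product and platform.
        $row.LastHotFix = Get-HotFix -ComputerName $server -ErrorAction Stop |
            Where-Object InstalledOn | Sort-Object InstalledOn |
            Select-Object -Last 1 -ExpandProperty InstalledOn
    } catch {
        # Unreachable or unqueryable hosts stay in the report as unknowns.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Exposure condition from the advisory: both roles present in the network.
$anyAdds = [bool]($report | Where-Object ADDS)
$anyAdcs = [bool]($report | Where-Object ADCS)
if ($anyAdds -and $anyAdcs) {
    Write-Warning 'AD DS and AD CS are both deployed: confirm the Microsoft security updates are applied.'
}
# First mitigation step: the two roles should not share a server.
$report | Where-Object BothOnHost | ForEach-Object {
    Write-Warning "$($_.Server) hosts both roles: plan to separate them."
}
```

Rows with a non-empty Error column were not assessed and need a manual check.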

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Active Directory Domain Services Elevation of Privilege Vulnerability, was added on August 18, 2022, with a due date of September 8, 2022. To address this issue, it's crucial to apply the necessary security updates provided by Microsoft and follow the recommended mitigation steps.

Weakness enumeration

This vulnerability is categorized as CWE-295, and it can lead to an elevation of privilege in Active Directory Domain Services. Mitigations include separating roles and applying security updates.

For more details

CVE-2022-26923 is a significant vulnerability affecting Active Directory Domain Services. After analyzing the details provided by various sources, it's clear that taking appropriate mitigation steps and applying security updates is crucial. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.
