![]() This vulnerability would allow a low-privileged user to escalate privileges to domain administrator when Active Directory Certificate Services is running on the domain.įollowing Microsoft’s disclosure, the researcher who identified CVE-2022-26923 released technical details and updated tooling to exploit the vulnerability. ![]() On May 10th, 2022, Microsoft disclosed CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). Consider reviewing ADCS certificates for known misconfigurations.Prioritize testing and patch deployment for CVE-2022-26923.*For eSentire customers, please reach out to your CSM for a non-gated version of the TRU Intelligence Brief recording from May 2022 What you should do about it The Threat Response Unit provided details of known ADCS certificate misconfigurations in our May 2022 TRU Intelligence Brief.eSentire’s Threat Response Unit is reviewing this topic for detection opportunities.eSentire Managed Vulnerability Service has plugins in place to detect CVE-2022-26923.Impacted organizations are encouraged to prioritize testing and deployment of patches for CVE-2022-26923. ![]() eSentire is aware of technical details and tooling for exploiting this vulnerability, increasing the risk this will be exploited in the wild. If exploited successfully, an authenticated attacker can escalate privileges in environments where ADCS is running on the domain.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |