8.8
CVSSv3

CVE-2022-26923

Published: 10/05/2022 Updated: 18/05/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Active Directory Domain Services Elevation of Privilege Vulnerability.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows 8.1 -

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 21h2

microsoft windows 10 1909

microsoft windows 11 -

microsoft windows server 2022

Github Repositories

CVE-2022-26923_AD_Certate_services The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed CVSS Score : 81 An exploit was developed by Oliver Lyak (ly4k_) in Python and was published before and not after the advisory It

Certifried Why Certifried? Certifried makes steps easier to replicate to abuse the new CVE-2022-26923 However below is the manual steps to replicate the vulnerability Detailed article can be read here from the original author Usage Recover NTLM hash python3 certifriedpy domaincom/lowpriv:'Password1' -dc-ip 10101010 -use-ldap

CVE-2022-26923 AD Certificate Services Date of publication : 10/05/2022 Attack complexity: Low Privileges required: Low The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed CVSS Score : 81 An exploit was developed b

THM-Captured-Rooms Tracking my room completion progress on TryHackMe Rooms Completed Welcome Linux Fundamentals Part 1 Linux Fundamentals Part 2 Linux Fundamentals Part 3 Windows Fundamentals 1 Windows Fundamentals 2 Windows Fundamentals 3 Nmap Web Scanning Lazy Admin Intro to x86-64 CC: Steganography Principles of Security Content Discovery Shodanio Burp Suite: The Basics T

Outflank - C2 Tool Collection This repository contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques These tools are not part of our commercial OST product and are written with the goal of contributing to the community to which we owe a lot Currently this repo contains a section wi

TryHackMe-CVE-2022-26923 Walkthrough on the exploitation of CVE-2022-26923, a vulnerability in AD Certificate Services

Certifried Why Certifried? Certifried makes steps easier to replicate to abuse the new CVE-2022-26923 However below is the manual steps to replicate the vulnerability Detailed article can be read here from the original author Usage Recover NTLM hash python3 certifriedpy domaincom/lowpriv:'Password1' -dc-ip 10101010 -use-ldap

Recent Articles

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Threatpost • Sagar Tiwari • 16 May 2022

Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue.
The warning comes amid shared reports of multiple services and policies failing after installing the security update. “Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was...

CISA warns not to install May Windows updates on domain controllers
BleepingComputer • Sergiu Gatlan • 16 May 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.
This security bug is an 
 tracked as CVE-2022-26925, confirmed as a 
.
Unauthenticated attackers abuse CVE-2022-26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTL...

Microsoft: May Windows updates cause AD authentication failures
BleepingComputer • Sergiu Gatlan • 12 May 2022

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday.
This comes after Windows admins started
of some policies failing after installing this month's security updates with "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing account or the password was incorrect." errors.
The issue impacts client and s...

Microsoft closes Windows LSA hole under active attack
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy

Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That's seven critical bugs, 66 deemed important, and one ranked low severity.
At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.
After April's astonishing 100-plus vulnerabilities, May's patching event seems tame by comparison. However, "this month makes up for it in severity and inf...