CVSSv3: 8.1

CVE-2022-26925

Published: 10/05/2022 Updated: 19/05/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Windows LSA Spoofing Vulnerability.

Vulnerable Products

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows rt 8.1 -

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 10 1809

microsoft windows 10 1909

microsoft windows 11 -

microsoft windows 8.1 -

microsoft windows server 2008 sp2

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows 10 21h2

microsoft windows server 2022

Recent Articles

Emergency Windows 10 updates fix Microsoft Store app issues
BleepingComputer • Sergiu Gatlan • 20 May 2022

Microsoft has released out-of-band (OOB) updates on Thursday evening to address a newly acknowledged issue impacting Microsoft Store apps.
On affected systems, customers might have problems launching or installing Microsoft Store apps, in some cases also seeing 0xC002001B errors.
This known issue affects devices running Windows 10 (versions 21H2, 21H1, and 20H2) where users have installed the
optional preview cumulative update or other updates released since April 25th.
...

CISA warns admins to patch actively exploited VMware, Zyxel bugs
BleepingComputer • Sergiu Gatlan • 17 May 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts.
This critical bug is currently being ...

CISA warns admins to patch actively exploited Spring, Zyxel bugs
BleepingComputer • Sergiu Gatlan • 17 May 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts.
This critical bug is currently being ...

CISA warns not to install May Windows updates on domain controllers
BleepingComputer • Sergiu Gatlan • 16 May 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.
This security bug is an 
 tracked as CVE-2022-26925, confirmed as a 
.
Unauthenticated attackers abuse CVE-2022-26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTL...

Actively Exploited Zero-Day Bug Patched by Microsoft
Threatpost • Elizabeth Montalbano • 11 May 2022

Microsoft has revealed 73 new patches for May’s monthly update of security fixes, including a patch for one flaw–a zero-day Windows LSA Spoofing Vulnerability rated as “important”—that is currently being exploited with man-in-the-middle attacks.
The software giant’s monthly update of patches that comes out every second Tuesday of the month–known as Patch Tuesday—also included fixes for seven “critical” flaws, 65 others rated as “important,” and one rated as “low....

Microsoft fixes new NTLM relay zero-day in all Windows versions
BleepingComputer • Sergiu Gatlan • 10 May 2022

Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.
LSA (short for Local Security Authority) is a protected Windows subsystem that enforces local security policies and validates users for local and remote sign-ins.
The vulnerability, tracked as CVE-2022-26925 and reported by Bertelsmann Printing...

Microsoft closes Windows LSA hole under active attack
The Register • Jessica Lyons Hardcastle

Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy

Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That's seven critical bugs, 66 deemed important, and one ranked low severity.
At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.
After April's astonishing 100-plus vulnerabilities, May's patching event seems tame by comparison. However, "this month makes up for it in severity and inf...

Microsoft emergency updates fix Windows AD authentication issues
BleepingComputer • Sergiu Gatlan

Microsoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers.
The company has been working on a fix for this known issue causing
since May 12.
"After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Netw...