Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2022-37966

Published: 09/11/2022 Updated: 17/09/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Windows Server 2008

Vulnerability Summary

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows server 2022 -

fedoraproject fedora 36

fedoraproject fedora 37

netapp management services for element software -

netapp management services for netapp hci -

samba samba

Vendor Advisories

Ubuntu Security Notice: USN-5822-1: Samba vulnerabilities
Several security issues were fixed in Samba ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2828 samba 4174-4 4175-1 Unknown Fixed ...

Github Repositories

https://github.com/takondo/11Bchecker

11B checker This is a sample PowerShell script to help detect potential authentication issues that may occur in an AD environment after installing Windows Update from November 2022 or newer The msDS-SupportedEncryptionTypes attribute that is mentioned in the script is an attribute that can be configured on AD objects such as computers and users to signify as a bitmap the types

https://github.com/glshnu/MS-November-2022-Updates

Links, Lösungsansätze [18112022] MS OOB Update released Cumulative updates: Windows Server 2022: KB5021656 Windows Server 2019: KB5021655 Windows Server 2016: KB5021654 [14112022] event-id-144771-benutzer-koennen-sich-nach-november-update-nicht-anmelden !! Aktuell scheint es Probleme mit den Patches zu geben !! Siehe Lösungsansätze November-Update bringt

https://github.com/glshnu/KB5019081

Links, Lösungsansätze [18112022] MS OOB Update released Cumulative updates: Windows Server 2022: KB5021656 Windows Server 2019: KB5021655 Windows Server 2016: KB5021654 [14112022] event-id-144771-benutzer-koennen-sich-nach-november-update-nicht-anmelden !! Aktuell scheint es Probleme mit den Patches zu geben !! Siehe Lösungsansätze November-Update bringt

Recent Articles

Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Emergency out-of-band updates to the rescue

Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates. As we reported last week, updates released November 8 or later that were installed on Windows Server with the Domain Controller duties of managing network and identity security requests disrupted Kerberos authentication capabilities, ranging from failures in domain user sign-ins and Group Managed Service Accounts authentication to ...

Read more...

References

NVD-CWE-noinfohttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966https://security.gentoo.org/glsa/202309-06https://ubuntu.com/security/notices/USN-5822-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook