CVE-2022-37967

Published: 09/11/2022 Updated: 17/09/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

Windows Kerberos Elevation of Privilege Vulnerability

Vulnerable Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows server 2022 -

fedoraproject fedora 36

fedoraproject fedora 37

netapp management services for element software -

netapp management services for netapp hci -

samba samba

Vendor Advisories

Several security issues were fixed in Samba ...
Description: The MITRE CVE dictionary describes this issue as: Windows Kerberos Elevation of Privilege Vulnerability ...
Severity Unknown Remote Unknown Type Unknown Description AVG-2828 samba 4174-4 4175-1 Unknown Fixed ...

Github Repositories

Rubeus: Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization - without their prior work this project would not

Links, solution approaches [18112022] MS OOB update released. Cumulative updates: Windows Server 2022: KB5021656, Windows Server 2019: KB5021655, Windows Server 2016: KB5021654. [14112022] event-id-144771-benutzer-koennen-sich-nach-november-update-nicht-anmelden !! There currently seem to be problems with the patches !! See solution approaches. November update brings

Trying to tame the three-headed dog.

Recent Articles

Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
The Register

Emergency out-of-band updates to the rescue

Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates. As we reported last week, updates released November 8 or later that were installed on Windows Server with the Domain Controller duties of managing network and identity security requests disrupted Kerberos authentication capabilities, ranging from failures in domain user sign-ins and Group Managed Service Accounts authentication to ...