CVE-2022-26923 — Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
2022-08-18 • CISA Known Exploited Vulnerability
[event] An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Active Directory |
| CWE | CWE-295 |
| CVE ID | CVE-2022-26923 |
| Date Added | 2022-08-18 |
| Due Date | 2022-09-08 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-09-08