1 minute read
COULD BE USED BY ATTACKERS
Microsoft fixed the high severity privilege escalation vulnerability CVE-2022-26923 in AD domain services on May 10, 2022. The vulnerability had a Common Vulnerability Scoring System (CVSS) score of 8.8 and a high severity rating. It allowed low-privileged users to escalate their privileges to the level of domain administrators. With domain admin, attackers could then access business-critical assets, such as the Exchange server, financial data, e-commerce applications, etc. Such access explains why ransomware groups target AD so they can take over multiple hosts within a network and have the widest possible reach
CVE-2022-26923 poses a high risk to compromised systems, allowing attackers to abuse AD certificate services According to Microsoft, “An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from AD that would allow elevation of privilege to System.” The acquired certificate could then be used for additional attacks, such as DCSync. With the certificate, an attacker can also retrieve a hash of the domain controller’s domain account to impersonate a domain controller and replicate all password information in the environment.
