Critical vulnerability in Microsoft Windows Active Directory



Microsoft has closed a vulnerability rated as critical (CVSS score: 8.1). The vulnerability, listed as CVE-2022-26923, allows attackers to escalate their privileges in Active Directory up to a domain administrator with broad rights and thus take over the entire network. All current systems up to Windows 10 and Windows Server 2022 are affected by the vulnerability.

In a simulated attack, our pentest team recently succeeded in exploiting the vulnerability in a customer's network and gaining complete control over the Active Directory domain by escalating privileges.

Recommended action:

Because the vulnerability can be easily exploited, users should apply the patch from Microsoft immediately.

The required security update and further details on the vulnerability can be found at the following link in Microsoft's Security Update Guide:  
