Critical vulnerability in Microsoft Windows Active Directory
by Tina Siering
Microsoft has closed a vulnerability rated as critical (CVSS score: 8.1). The vulnerability, tracked as CVE-2022-26923, allows attackers to escalate their privileges in Active Directory up to domain administrator, with broad privileges, and thus take over the entire network. All current systems up to Windows 10 and Windows Server 2022 are affected by the vulnerability.
Our pentester team recently succeeded in exploiting the vulnerability in a simulated attack on a customer's network, gaining complete control over the Active Directory domain by extending privileges.
Recommended action:
Because the vulnerability can be easily exploited, users should apply the patch from Microsoft immediately.
The required security update and further details on the vulnerability can be found at the following link in Microsoft's Security Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923