CVE-2022-26923

unknown KEV

Published 2022-08-18 · Modified 2022-08-18

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

2.5

Description

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

CISA KEV

Vendor: Microsoft
Product: Active Directory
Due date: 2022-09-08

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Microsoft Security Response Center · View original ↗ · proprietary-no-redistribution

Full prose not cached — VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.

Affected

Vendor	Product	Version
microsoft	Windows 7 for 32-bit Systems Service Pack 1
microsoft	Windows 7 for x64-based Systems Service Pack 1
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1
microsoft	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
microsoft	Windows Server 2012
microsoft	Windows Server 2012 (Server Core installation)
microsoft	Windows 8.1 for 32-bit systems
microsoft	Windows 8.1 for x64-based systems
microsoft	Windows Server 2012 R2
microsoft	Windows RT 8.1
microsoft	Windows Server 2012 R2 (Server Core installation)
microsoft	Microsoft Word 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Word 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Word 2013 RT Service Pack 1
microsoft	Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1
microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1
microsoft	Microsoft Excel 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Excel 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft Excel 2013 RT Service Pack 1
microsoft	Windows 10 for 32-bit Systems
microsoft	Windows 10 for x64-based Systems
microsoft	Microsoft Excel 2016 (32-bit edition)
microsoft	Microsoft Excel 2016 (64-bit edition)
microsoft	Microsoft Word 2016 (32-bit edition)
microsoft	Microsoft Word 2016 (64-bit edition)
microsoft	Microsoft Publisher 2016 (32-bit edition)
microsoft	Microsoft Publisher 2016 (64-bit edition)

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

auxiliary_admin/dcerpc/cve_2022_26923_certifried rank 300

Active Directory Certificate Services (ADCS) privilege escalation (Certifried)

Source fetch failed: fetch_error — view the original via the link above.

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.