May 16, 2022

CISA warns not to install May Windows updates on domain controllers

Posted by in category: cybercrime/malcode

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.

This security bug is an actively exploited Windows LSA spoofing zero-day tracked as CVE-2022–26925, confirmed as a new PetitPotam Windows NTLM Relay attack vector.

Unauthenticated attackers abuse CVE-2022–26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, gain control over the entire Windows domain.

Comments are closed.