{"id":141531,"date":"2022-07-02T00:03:04","date_gmt":"2022-07-02T05:03:04","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/07\/cisa-orders-agencies-to-patch-windows-lsa-bug-exploited-in-the-wild"},"modified":"2022-07-02T00:03:04","modified_gmt":"2022-07-02T05:03:04","slug":"cisa-orders-agencies-to-patch-windows-lsa-bug-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/07\/cisa-orders-agencies-to-patch-windows-lsa-bug-exploited-in-the-wild","title":{"rendered":"CISA orders agencies to patch Windows LSA bug exploited in the wild"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cisa-orders-agencies-to-patch-windows-lsa-bug-exploited-in-the-wild2.jpg\"><\/a><\/p>\n<p>CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft\u2019s May 2022 updates.<\/p>\n<p>The flaw is an actively exploited <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-fixes-new-ntlm-relay-zero-day-in-all-windows-versions\/\" target=\"_blank\">Windows LSA (Local Security Authority) spoofing vulnerability<\/a> tracked as CVE-2022\u201326925 and confirmed to be a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-fixes-new-petitpotam-windows-ntlm-relay-attack-vector\/\" target=\"_blank\">new PetitPotam Windows NTLM Relay attack vector<\/a>.<\/p>\n<p>Unauthenticated attackers can exploit this bug to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, take over the entire Windows domain.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft\u2019s May 2022 updates. The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022\u201326925 and confirmed [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-141531","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/141531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=141531"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/141531\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=141531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=141531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=141531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}