Microsoft · Active Directory Certificate Services · CVE-2022-26925
**Name of the Vulnerable Software and Affected Versions**
Windows LSA versions prior to the fixed version
**Description**
A spoofing vulnerability in the Windows LSA component allows attackers to bypass authentication mechanisms. This can enable a remote attacker to perform a "man-in-the-middle" attack by relaying NTLM authentication to Active Directory Certificate Services (AD CS). The vulnerability is actively exploited.
**Recommendations**
On systems running a Windows LSA version prior to the fixed version, update to the latest version to resolve the issue.
As a temporary workaround, consider restricting access to domain controllers to minimize the risk of exploitation.