PT-2022-2476 · Microsoft · Active Directory Domain Services+2

Ly4K · Published 2022-05-10 · Updated 2026-03-31 · CVE-2022-26923

CVSS v2.0: 9.0 (High), AV:N/AC:L/Au:S/C:C/I:C/A:C
Active Directory Domain Services and Certificate Services (affected versions not specified)
Description: This issue involves an elevation of privilege vulnerability affecting Active Directory Domain Services and Certificate Services. Successful exploitation allows attackers to impact the system and potentially gain control of the domain. The vulnerability stems from improper authorization within the certificate services, enabling attackers to create machine accounts and perform Kerberoasting attacks to extract service account credentials from domain controllers. Exploitation requires authentication and involves manipulating certificate requests to obtain certificates with elevated privileges. Recent reports indicate that cybercriminals are actively exploiting this issue, often in conjunction with social engineering tactics, to compromise systems and escalate privileges. The vulnerability, also known as "Certifried," allows attackers to add a computer to the domain and subsequently extract NTLM hashes, potentially leading to domain takeover. Several sophisticated intrusion attempts have been linked to this vulnerability, with attackers adapting their techniques to bypass security measures.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · LPE

Weakness Enumeration

Improper Certificate Validation
Improper Privilege Management

Related Identifiers

BDU:2022-02883
CVE-2022-26923
ZDI-22-729

Affected Products

Active Directory Domain Services
Windows Active Directory Certificate Services
Windows