PT-2022-5501 · Microsoft+11 · Windows+11
Published
2022-11-08
·
Updated
2026-01-22
·
CVE-2022-38023
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows versions prior to the fixed version
Description
The issue is related to errors in security settings of the Netlogon Remote Protocol (MS-NRPC) implementation in Windows operating systems. This allows a remote attacker to elevate their privileges. The vulnerability is associated with weaknesses in the RC4 protection of the NetLogon Secure channel, which uses the same algorithms as rc4-hmac cryptography in Kerberos. The secure checksum is calculated as HMAC-MD5(MD5(DATA),KEY), making it possible for an active attacker to substitute chosen data into the data stream without being detected.
Recommendations
For Windows versions prior to the fixed version, update to the latest version to resolve the issue.
As a temporary workaround, consider restricting access to the Netlogon RPC service until a patch is available.
Avoid using the Netlogon Secure channel for sensitive data transmission until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Samba
Suse
Ubuntu
Windows