PT-2022-5620 · Microsoft · Windows+1

Thibault Van Geluwe De Berlaere · Published 2022-09-13 · Updated 2025-07-09 · CVE-2022-30170

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows Server versions 2008 through 2016
Windows versions 8.1 through 10 (including 1607, 1809, 20H2, 21H1, 21H2)

Description

The issue is related to an elevation-of-privilege vulnerability in the Windows Credential Roaming Service, which is associated with insufficient access restrictions. This vulnerability can be exploited by an attacker to elevate their privileges. The vulnerability exists in the DSInternals.Common.Data.RoamedCredential.Save() method, which incorrectly parses the msPKIAccountCredentials LDAP attribute values. This allows a malicious actor to modify the file system of the computer where an application using this function is executed with administrative privileges.

Recommendations

For Windows Server versions 2008 through 2016 and Windows versions 8.1 through 10, update to a version that includes the fix for this issue, such as DSInternals 4.8. As a temporary workaround, consider restricting access to the DSInternals.Common library and the msPKIAccountCredentials attribute in Active Directory to minimize the risk of exploitation. Avoid using the DSInternals.Common.Data.RoamedCredential.Save() method in applications with administrative privileges until the issue is resolved.

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-06986
CVE-2022-30170
GHSA-VX2X-9CFF-FHJW

Affected Products

Windows
Windows Server