Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10 1507
OSMicrosoft< 10.0.10240.19297Microsoft Windows 10 1607
OSMicrosoft< 10.0.14393.5850Microsoft Windows 10 1809
OSMicrosoft< 10.0.17763.4252Microsoft Windows 10 1909
OSMicrosoft< 10.0.18363.2274Microsoft Windows 10 20h2
OSMicrosoft< 10.0.19042.1706Microsoft Windows 10 21h1
OSMicrosoft< 10.0.19043.1706Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.1706Microsoft Windows 11 21h2
OSMicrosoft< 10.0.22000.1817Microsoft Windows 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.5850Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.4252Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.1668
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Active Directory
- Added to KEVi
- August 18, 2022
- Remediation deadline (US Federal)i
- September 8, 2022(overdue)
Apply updates per vendor instructions.
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
HTTP Protocol Stack Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) ...