Microsoft just patched a slew of new security flaws, so update now

On Patch Tuesday this month, Microsoft released patches for dozens of vulnerabilities, some of which are critical and one of which is being actively exploited in the wild.

The flaws are found in various versions of Windows, .NET and Visual Studio, Office, Exchange Server, BitLocker, Remote Desktop Client, NTFS, and the Microsoft Edge browser.

The issue exploited in the wild is identified as CVE-2022-26925 and is described as a Windows LSA spoofing vulnerability. According to Microsoft's security advisory, an authenticated malicious actor could abuse the flaw by calling a method on the LSARPC interface and forcing the domain controller to authenticate to the attacker using NTLM. It has a severity score of 8.1.

As for critical issues, there are five remote code execution (RCE) flaws and two elevation of privilege (EoP) vulnerabilities. Among these is CVE-2022-26923, a critical flaw in the way certificates are issued that can be exploited by injecting data into a certificate request. In this way, the threat actor can obtain a certificate capable of authenticating to a domain controller with elevated privileges. In other words, the threat actor can gain administrator privileges on any domain running Active Directory Certificate Services. This one has a severity score of 8.8.

Denial of service, identity theft, etc.

The cumulative update also fixes 67 vulnerabilities, most of which are RCE and EoP flaws, denial of service flaws, spoofing issues, and defense loopholes.

Since the update fixes some very serious flaws, Windows administrators are advised to patch their endpoints immediately.

This will likely be one of the last cumulative Patch Tuesday updates, as Microsoft plans to phase out the practice altogether.

Last month, the company announced that it would work to automatically update all Windows enterprise endpoints with the new program starting in July of this year.

The updates will be rolled out in three phases, to minimize the risk of locking down all devices on a corporate network at once.

Via: ZDNet