CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft’s May 2022 updates.
The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022–26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.
Unauthenticated attackers can exploit this bug to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, take over the entire Windows domain.
Comments are closed.