CVE-2021-36942

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

Vendor/Product: Microsoft Windows

Added to CISA KEV: 2021-11-03

Required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited