CVE-2022-26923

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM. Vendor/Product: Microsoft Active Directory. Added to CISA KEV 2022-08-18; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2022-26923