CISA adds Windows LSA Spoofing Vulnerability (CVE-2022-26925) to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added a former zero-day Windows LSA Spoofing Vulnerability (CVE-2022-26925) to its Known Exploited Vulnerabilities Catalog.

An attacker could exploit these vulnerabilities to take control of impacted systems.

As part of May 2022 security updates, Microsoft patched the Windows LSA Spoofing Vulnerability (CVE-2022-26925).

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft warned in the advisory.

Although the issue was not rated Critical at the time, Microsoft confirmed that “exploitation was detected.”

Moreover, Threatpost wrote in a blog post that when CVE-2022-26925 is chained with a new technology LAN manager (NTLM) relay attack, the CVSS score for the attack chain is raised to 9.8. The analysis was provided by Allan Liska, a senior security architect at Recorded Future, in an e-mail to Threatpost.

Readers can check out the full CISA Known Exploited Vulnerabilities Catalog for a complete list of the most recently added exploited vulnerabilities as of July 1, 2022.

Related Articles