Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiOliver Lyak (@ly4k_)ZDI-23-722
HistoryMay 24, 2023 - 12:00 a.m.

Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability

2023-05-2400:00:00
Oliver Lyak (@ly4k_)
www.zerodayinitiative.com
14
vulnerability
microsoft windows
active directory
certificate services
improper authorization
privilege escalation
attackers
authentication
flaw
certificates
crafted data
domain controller
compromise
stored credentials

EPSS

0.002

Percentile

65.0%

JSON

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the issuance of certificates. By including crafted data in a certificate request, an attacker can obtain a certificate that allows the attacker to authenticate to a domain controller with a high level of privilege. An attacker can leverage this vulnerability to escalate privileges and disclose stored credentials, leading to further compromise.

Related

zdi 2
nvd 1
cve 1
mscve 1
cvelist 1
prion 1
krebs 1
mskb 16
nessus 10
avleonov 1
qualysblog 1
openvas 7
kaspersky 2
rapid7blog 2
zdi
zdi
Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability
2022-09-06 00:00:00
Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability
2022-09-29 00:00:00
nvd
nvd
CVE-2022-34691
2022-08-09 20:15:10
cve
cve
CVE-2022-34691
2022-08-09 20:15:10
mscve
mscve
Active Directory Domain Services Elevation of Privilege Vulnerability
2022-08-09 07:00:00
cvelist
cvelist
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability
2022-08-09 19:51:54
prion
prion
Privilege escalation
2022-08-09 20:15:00
krebs
krebs
Microsoft Patch Tuesday, August 2022 Edition
2022-08-09 23:01:10
mskb
mskb
August 9, 2022—KB5016669 (Monthly Rollup)
2022-10-11 07:00:00
August 9, 2022—KB5016686 (Security-only update)
2022-10-11 07:00:00
August 9, 2022—KB5016676 (Monthly Rollup)
2022-10-11 07:00:00
nessus
nessus
KB5016686: Windows Server 2008 Security Update (August 2022)
2022-08-09 00:00:00
KB5016679: Windows 7 and Windows Server 2008 R2 Security Update (August 2022)
2022-08-09 00:00:00
KB5016684: Windows Server 2012 Security Update (August 2022)
2022-08-09 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities
2022-08-23 00:00:26
qualysblog
qualysblog
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
2022-08-09 20:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5016676)
2022-08-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016681)
2022-08-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016639)
2022-08-10 00:00:00
kaspersky
kaspersky
KLA12603 Multiple vulnerabilities in Microsoft Products (ESU)
2022-08-09 00:00:00
KLA12602 Multiple vulnerabilities in Microsoft Windows
2022-08-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
Patch Tuesday - August 2022
2022-08-09 19:34:51

EPSS

0.002

Percentile

65.0%

JSON
Related for ZDI-23-722
zdi2nvd1cve1mscve1cvelist1prion1krebs1mskb16nessus10avleonov1qualysblog1openvas7kaspersky2rapid7blog2