CVE-2022-26923

EUVD-2022-31469
Active Directory Domain Services Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.19297
microsoftwindows_10_1607
𝑥
< 10.0.14393.5850
microsoftwindows_10_1809
𝑥
< 10.0.17763.4252
microsoftwindows_10_1909
𝑥
< 10.0.18363.2274
microsoftwindows_10_20h2
𝑥
< 10.0.19042.1706
microsoftwindows_10_21h1
𝑥
< 10.0.19043.1706
microsoftwindows_10_21h2
𝑥
< 10.0.19044.1706
microsoftwindows_11_21h2
𝑥
< 10.0.22000.1817
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.5850
microsoftwindows_server_2019
𝑥
< 10.0.17763.4252
microsoftwindows_server_2022
𝑥
< 10.0.20348.1668
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5013963
1607 (x64, x86)
KB5025228
1809 (arm64, x64, x86)
KB5025229
1909 (arm64, x64, x86)
KB5013945
20H2 (arm64, x86)
KB5013942
21H1 (arm64, x64, x86)
KB5013942
21H2 (arm64, x64, x86)
KB5013942
Windows 11
21H2 (arm64, x64)
KB5025224
Windows 8.1
(x64, x86)
KB5014011
Windows RT 8.1
All
KB5014025
Windows Server
20H2 Server Core
KB5013942
Windows Server 2012 R2
Server Core
KB5025288
Standard
KB5025288
Windows Server 2016
Server Core
KB5025228
Standard
KB5025228
Windows Server 2019
Server Core
KB5025229
Standard
KB5025229
Windows Server 2022
Server Core
KB5025230
Standard
KB5025230
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26923