CVE-2022-26925

FAQ

How could an attacker exploit this vulnerability?

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it.

Is there more information available on how to protect my system?

Yes. Please see ADV210003 Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS).

Are there further actions I need to take to protect my system after I have applied the security update?

Yes. Please see KB5005413 for more information on the steps that you need to take to protect your system. Please note that the combined CVSS score would be 9.8 when this vulnerability is chained with the noted NTLM Relay Attacks on Active Directory Certificate Services (AD CS).

Should I prioritize updating domain controllers when I apply the security updates released on May 10, 2022?

Yes. This vulnerability affects all servers but domain controllers should be prioritized in terms of applying security updates.

How will installing the updates that address this CVE impact my environment?

The EFS API OpenEncryptedFileRaw(A/W), often used in backup software, continues to work in all versions of Windows (local and remote), except when backing up to or from a system running Windows Server 2008 SP2. OpenEncryptedFileRaw will no longer work on Windows Server 2008 SP2.

Note: If you are unable to use backup software on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 and later, after installing the updates that address this CVE, contact the manufacturer of your backup software for updates and support.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.