
CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

May 16, 2022

The vulnerability in question is CVE-2022-26925, which Microsoft describes as a Windows LSA spoofing vulnerability. The issue was addressed with the May 2022 Patch Tuesday updates, and Microsoft warned at the time that the vulnerability had been publicly disclosed and exploited in attacks.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft said in its advisory, noting that the severity of the flaw increases if it’s chained with another vulnerability.

Read More on Security Week