The Latest in IT Security

CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

16
May
2022
CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

image credit: pixabay

The vulnerability in question is CVE-2022-26925, which Microsoft describes as a Windows LSA spoofing vulnerability. The issue was addressed with the May 2022 Patch Tuesday updates and Microsoft warned at the time that the vulnerability has been publicly disclosed and exploited in attacks.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft said in its advisory, noting that the severity of the flaw increases if it’s chained with another vulnerability.

Related posts:
  1. Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
  2. Organizations Warned of Attacks Exploiting Recently Patched Windows Vulnerability
  3. Researcher Publishes Four Zero-Day Exploits in Three Days
  4. Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks
  5. Attackers Still Finding Plenty of Systems Vulnerable to Bluekeep

Read More

Tags:  
Written by Securityweek
0 Comments
Comments are closed.

Categories

TUESDAY, MARCH 11, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments