The Latest in IT Security

CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

16
May
2022
CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

image credit: pixabay

The vulnerability in question is CVE-2022-26925, which Microsoft describes as a Windows LSA spoofing vulnerability. The issue was addressed with the May 2022 Patch Tuesday updates and Microsoft warned at the time that the vulnerability has been publicly disclosed and exploited in attacks.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft said in its advisory, noting that the severity of the flaw increases if it’s chained with another vulnerability.

Read More

Comments are closed.

Categories

TUESDAY, JUNE 28, 2022
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments