An Elevation of Privilege vulnerability in Active Directory affects Certification Authorities (Critical, CVE-2022-34691)

This week, on its Patch Tuesday for August 2022, Microsoft released a patch that addresses a critical vulnerability (CVE-2022-34691) in Active Directory Domain Services (AD DS).

About the vulnerability

An Elevation of Privilege (EoP) vulnerability exists in Active Directory Domain Services (AD DS). It can be exploited over the network with low attack complexity and only low privileges required.

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.

COMMON VULNERABILITY SCORING

With a CVSS v3.1 base score of 8.8 (temporal score 7.7), the vulnerability is rated Critical.

Affected Operating Systems

The following Operating Systems are vulnerable:

  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server, version 20H2

A system is vulnerable only if Active Directory Certificate Services (AD CS) is running in the domain. This means that most Certification Authorities (CAs) in common use today are vulnerable to attack.

In a multi-tier Certification Authority implementation with an offline root CA, the root CA may not be vulnerable, as that server is not a member of Active Directory.

Call to action

I urge you to install the necessary security updates on Windows Server installations acting as Certification Authorities (CAs) based on Active Directory Certificate Services (AD CS): first in a test environment as soon as possible, then assess the risk and possible impact on your production environment, and then roll the update out to the Windows Server installations acting as AD CS-based Certification Authorities in production.
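As an added example that is not from the original post, the following PowerShell inventories the Enterprise CAs registered in the forest (the domain-joined CAs this advisory concerns, which is exactly the set an offline root CA is absent from) and reports whether a given update is present on each. The ActiveDirectory module, remote access for Get-HotFix, and the KB placeholder (take the real number for your OS from the Microsoft Security Update Guide entry for CVE-2022-34691) are assumptions.

```powershell
# Added example (not from the original post): list the Enterprise CAs published
# in the forest and check each one for a given Windows update.
# Assumes the ActiveDirectory module (RSAT) and that Get-HotFix can reach the CAs.
# The KB number is a placeholder: look it up for your OS in the MSRC entry for CVE-2022-34691.
param(
    [string]$KB = 'KB<placeholder-from-MSRC>'
)

Import-Module ActiveDirectory

# Enterprise CAs publish a pKIEnrollmentService object in the Configuration partition.
# A CA missing from this list (for example an offline root) is not a domain member.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
$cas = Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties dNSHostName

foreach ($ca in $cas) {
    $caHost = $ca.dNSHostName
    $os = (Get-ADComputer -Filter "DNSHostName -eq '$caHost'" -Properties OperatingSystem).OperatingSystem
    $patched = $false
    try {
        # Get-HotFix returns the update object if installed; with -ErrorAction Stop
        # both "KB not present" and "host unreachable" become terminating errors.
        $patched = [bool](Get-HotFix -Id $KB -ComputerName $caHost -ErrorAction Stop)
    } catch {
        # Leave $patched as $false: the update could not be verified on this CA.
    }
    [pscustomobject]@{
        CA      = $ca.Name
        Host    = $caHost
        OS      = $os
        Patched = $patched
    }
}
```

A CA that reports Patched = $false either lacks the update or could not be queried; verify those hosts by hand before treating them as remediated.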

Further steps

This vulnerability belongs to the same family as other critical Active Directory Certificate Services NTLM relay vulnerabilities, such as PrintNightmare (CVE-2021-1675 and CVE-2021-34527), PetitPotam (CVE-2021-36942), ShadowCoerce and DFSCoerce.

Therefore, the steps outlined for Certificate-based authentication changes on Windows domain controllers should also be performed to further secure Certification Authorities (CAs) and Domain Controllers and to mitigate sign-in errors.
