Active Directory Domain Services Elevation of Privilege Vulnerability
Tags
attack-pattern: Data Dcsync - T1003.006 Dns - T1071.004 Dns - T1590.002 Domain Account - T1087.002 Domain Account - T1136.002 Exploits - T1587.004 Exploits - T1588.005 Tool - T1588.002 Credential Dumping - T1003
Show in Graph
Common Information
Type Value
UUID 4413c50a-4c2b-4723-82f3-790f2cc9aea5
Fingerprint ee196d991e14cd81
Analysis status DONE
Considered CTI value 2
Text language
Published May 16, 2022, 10:46 a.m.
Added to db Nov. 6, 2023, 6:31 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Active Directory Domain Services Elevation of Privilege Vulnerability
Title Active Directory Domain Services Elevation of Privilege Vulnerability
Detected Hints/Tags/Attributes 35/1/11
Source URLs
Redirection Url
Details Source https://research.kudelskisecurity.com/2022/05/16/active-directory-domain-services-elevation-of-privilege-vulnerability/
URL Provider
Details Provider Source level domain
Details kudelskisecurity.com research.kudelskisecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 205 Kudelski Security Research https://research.kudelskisecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 17 
cve-2022-26923
Details CVE 19 
cve-2022-26925
Details Domain 281 
docs.microsoft.com
Details Domain 360 
attack.mitre.org
Details File 3 
setspn.exe
Details Microsoft Patch Numbers 5 
KB5014754
Details MITRE ATT&CK Techniques 289 
T1003
Details Url 1 
https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16
Details Url 1 
https://docs.microsoft.com/en-us/windows/win32/adschema/a-ms-ds-machineaccountquota
Details Url 2 
https://attack.mitre.org/techniques/t1003/006
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc