Multiple vulnerabilities in Microsoft Windows Kerberos



| Updated: 2022-11-30
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-33679
CVE-2022-33647
CWE-ID CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67274

Risk: High

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2022-33679

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Kerberos. A remote attacker can perform a man-in-the-middle attack, leading to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2003 - 2022 20H2

CPE2.3 External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679
https://bugs.chromium.org/p/project-zero/issues/detail?id=2310


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67276

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-33647

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Kerberos. A remote attacker can perform a man-in-the-middle attack, leading to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2003 - 2022 20H2

CPE2.3 External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647
https://bugs.chromium.org/p/project-zero/issues/detail?id=2310


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###