SB2022101216 - Multiple vulnerabilities in Microsoft Active Directory Certificate Services

Description

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-37976)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Active Directory Certificate Services, which leads to security restrictions bypass and privilege escalation.

2) Security features bypass (CVE-ID: CVE-2022-37978)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security feature bypass issue in Windows Active Directory Certificate Services. A remote user can perform a man-in-the-middle (MitM) attack and read or modify network communications.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37976
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37978