ID:10644 - Exploit for Not Failing Securely ('Failing Open') in Windows and Windows Server - CVE-2024-43532
Published: October 23, 2024
Windows
Windows Server
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to escalate privileges in an Active Directory domain.
The vulnerability exists due to the way the Remote Registry client handles RPC authentication during certain fallback scenarios when SMB transport is unavailable. A remote user can authenticate against the AD server, intercept the NTLM authentication handshake from the client and forward it to another service, such as Active Directory Certificate Services (ADCS), and create a new domain administrator.
Successful exploitation of the vulnerability may allow a domain user to take over the entire AD.