#VU98219 Not Failing Securely ('Failing Open') in Windows and Windows Server - CVE-2024-43532

 


Published: October 8, 2024 / Updated: October 23, 2024


Vulnerability identifier: #VU98219
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2024-43532
CWE-ID: CWE-636
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
Windows
Windows Server
Software vendor:
Microsoft

Description

The vulnerability allows a remote user to escalate privileges in an Active Directory domain.

The vulnerability exists due to the way the Remote Registry client handles RPC authentication during certain fallback scenarios when SMB transport is unavailable. A remote user can authenticate against the AD server, intercept the NTLM authentication handshake from the client and forward it to another service, such as Active Directory Certificate Services (ADCS), and create a new domain administrator.

Successful exploitation of the vulnerability may allow a domain user to take over the entire AD.


Remediation

Install updates from vendor's website.
