Not Failing Securely ('Failing Open') in Windows and Windows Server - CVE-2024-43532

Published: October 8, 2024 / Updated: October 23, 2024


Vulnerability identifier: #VU98219
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2024-43532
CWE-ID: CWE-636
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Microsoft
Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote authenticated user to escalate privileges in an Active Directory domain.

The vulnerability exists in the way the Remote Registry client handles RPC authentication in certain fallback scenarios: when the SMB transport is unavailable, the client falls back to a TCP/IP transport and negotiates a weaker RPC authentication level that does not protect the integrity or confidentiality of the NTLM exchange. A remote user with valid domain credentials can intercept the NTLM authentication handshake from the client, relay it to another service, such as Active Directory Certificate Services (ADCS), and create a new domain administrator account.

Successful exploitation of the vulnerability may allow a domain user to take over the entire AD domain.


How to mitigate CVE-2024-43532

Install the updates from the vendor's website.
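As an added check (not part of this advisory), the following PowerShell reports whether a host has received a cumulative or security update since the advisory's publication date and shows the state of the Remote Registry service. The cutoff date is taken from the "Published" field above; treating any security update installed on or after that date as carrying the fix is an assumption of this script, and the result should be confirmed against the KB article for the host's build.

```powershell
# Added example, not from the advisory or from Microsoft.
# Assumptions: the October 2024 (or later) cumulative/security update carries
# the CVE-2024-43532 fix; Get-HotFix lists it with Description 'Security Update'
# or 'Update'. Confirm against the KB for your specific build.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Advisory publication date, used as the cutoff for "updated since the fix".
$fixDate = Get-Date -Date '2024-10-08'

foreach ($computer in $ComputerName) {
    # Updates installed on or after the cutoff date.
    $hotfixes = Get-HotFix -ComputerName $computer -ErrorAction Stop |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $fixDate }

    # Only cumulative/security updates count; plain hotfixes are ignored.
    $securityUpdates = $hotfixes |
        Where-Object { $_.Description -in @('Security Update', 'Update') }

    # Remote Registry service state on the host (for awareness; the vulnerable
    # code is the client side, but the service must be reachable for a
    # Remote Registry connection to happen at all).
    $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
        -Filter "Name='RemoteRegistry'"

    [pscustomobject]@{
        ComputerName         = $computer
        UpdatesSinceFixDate  = ($securityUpdates |
            Sort-Object InstalledOn |
            Select-Object -ExpandProperty HotFixID) -join ','
        LikelyPatched        = [bool]$securityUpdates
        RemoteRegistryState  = $svc.State
        RemoteRegistryStart  = $svc.StartMode
    }
}
```

Run it against a list of servers (`.\Check-RemoteRegistryPatch.ps1 -ComputerName dc01,fs01`) from an account with remote WMI and registry access; a `LikelyPatched` of `False` on a host that is still in use is the case to follow up on.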
