CISA/NIST NVD Alert - CVE-2022-26925
Windows - Microsoft Windows LSA Spoofing Vulnerability
CISA/NIST Known Exploited Vulnerability Alert
CVE Identification Number
CVE-2022-26925
Vendor Name
Microsoft
Product
Windows
Vulnerability Name
Microsoft Windows LSA Spoofing Vulnerability
Description of Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
Date Added to CISA Known Exploited Vulnerability Database
2022-05-11
Remediation
Apply updates per vendor instructions.