Microsoft Releases Out-of-Band Update After Security Patch Causes Kerberos Issues | SecurityWeek.Com
Briefly

The Patch Tuesday updates released on November 8 addressed CVE-2022-37966, a privilege escalation vulnerability affecting Windows Server. This high-severity flaw can allow an attacker who can collect information about the targeted system to gain admin privileges. "An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment," Microsoft explained in its advisory for CVE-2022-37966.
Read at Securityweek