Folks that are using ADCS. Please update all servers that run Active Directory Certificate Services and Windows domain controllers that service certificate-based authentication. For more information: Tweet added by DebugPrivilege @DebugPrivilege

DebugPrivilege

2 years

Folks that are using ADCS. Please update all servers that run Active Directory Certificate Services and Windows domain controllers that service certificate-based authentication. For more information:

5

64

160

DebugPrivilege

@DebugPrivilege

2 years

@SecGuru_OTX FYI

0

1

Lars Karlslund - mucking around with your AD

@lkarlslund

2 years

@DebugPrivilege Details here, it's by fellow Danish researcher Oliver Lyak ( @ly4k_ )

1

3

8

DebugPrivilege

@DebugPrivilege

2 years

@lkarlslund @ly4k_ Yeah, I saw that one. It’s an excellent blog post!

0

2

an0n

@an0n_r0

2 years

@DebugPrivilege recreated the poc in my home lab: couple of steps from low-priv user to domain admin. :)

an0n

@an0n_r0

2 years

reproduced, awesome! from owned (or just freshly created) computer account to domain admin in couple of steps using ADCS by exploiting CVE-2022-26923 reported and documented by @ly4k_ . patch DCs ASAP! :)

1

88

215

1

0

6

DebugPrivilege

@DebugPrivilege

2 years

@an0n_r0 Great work!

0

BlueCyberCat

@BlueCyberCat

2 years

@DebugPrivilege @DebugPrivilege Is it somehow connected to the Certificate Pre Owned case from last year?

1

0

Purpl3C0ug4r

@Purpl3C0ug4r

2 years

@DebugPrivilege I spent all morning trying to fix WiFi EAP-TLS auth in my homelab on my Windows clients after I applied this patch. Turns out the workstation auth template I setup in ADCS was lacking the proper SAN entries & oddly NPS rejected those old issues certs. So maybe test this 1st.

2

3

14

Replies