Folks that are using ADCS. Please update all servers that run Active Directory Certificate Services and Windows domain controllers that service certificate-based authentication. For more information:
reproduced, awesome! from owned (or just freshly created) computer account to domain admin in a couple of steps using ADCS by exploiting CVE-2022-26923 reported and documented by @ly4k_. patch DCs ASAP! :)
@DebugPrivilege
I spent all morning trying to fix WiFi EAP-TLS auth in my homelab on my Windows clients after I applied this patch. Turns out the workstation auth template I set up in ADCS was lacking the proper SAN entries & oddly NPS rejected those old issued certs. So maybe test this 1st.