Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month’s Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows.

Even though they were so-called EoP holes rather than RCE bugs (elevation of privilegeinstead of the more serious problem of remote code execution), they were neverthless rated Criticalgiven that the bugs applied to Active Directory (AD) and Windows Domain Controllers (DCs).

The name domain controller means exactly what it says: DCs are servers that look after authentication and access control for users, computers, services and devices for an entire network domain.

An old Latin satirical poem wryly asks, “Who is the custodian ipsos custodes?” (Who will guard the guards themselves?), And in the case of a Windows network, the short answer is that the guard that guards everthing else is your domain controller.

In other words, an authentication bypass against your domain controller could quickly lead to compromise of almost everything else on your network.

Related posts


Latest posts

Security For Want of a Nail

Do not Overlook Lifecycle and Data Management Details By Gregory Hoffer, CEO, Coviant Software Threat actors are a relentless bunch. They continue to evolve their...

Threat Intelligence Services Are Universally Valued by IT Staff

Almost all IT professionals believe that threat intelligence services and feeds will help their company get ready for and repulse malware attacks. Only...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!