Cyber Resilience

CVE-2022-26923

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 10 May 2022
Modified: 30 October 2025
KEV Added: 18 August 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9160 (99.7th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26923 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

Active Directory Domain Services contains an elevation of privilege vulnerability tracked as CVE-2022-26923 and assigned CWE-295. The flaw affects domain controllers running the Active Directory Domain Services role and carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and low required privileges.

An authenticated attacker with low-privileged domain credentials can exploit the weakness over the network without user interaction to obtain high impact on confidentiality, integrity, and availability, enabling full domain compromise through privilege escalation.

Microsoft security updates and advisory guidance address the issue, while CISA includes the CVE in its catalog of known exploited vulnerabilities, confirming that patches have been released and should be applied promptly.

The associated EPSS score remains high, with a current value of 0.9160 and a peak of 0.9175, indicating sustained exploitation interest after disclosure.

Vulnerability details

Active Directory Domain Services Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added: 18 August 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows 10 1507 | ≤ 10.0.10240.19297
microsoft | windows 10 1607 | ≤ 10.0.14393.5850
microsoft | windows 10 1809 | ≤ 10.0.17763.4252
microsoft | windows 10 1909 | ≤ 10.0.18363.2274
microsoft | windows 10 20h2 | ≤ 10.0.19042.1706
microsoft | windows 10 21h1 | ≤ 10.0.19043.1706
microsoft | windows 10 21h2 | ≤ 10.0.19044.1706
microsoft | windows 11 21h2 | ≤ 10.0.22000.1817
microsoft | windows 8.1 | all versions
microsoft | windows rt 8.1 | all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

prevent: Enforces access decisions so that a low-privileged account cannot obtain domain-admin rights through the certificate-validation flaw.

prevent: Requires proper issuance and validation of PKI certificates, directly mitigating the CWE-295 improper certificate validation that enables the elevation.

prevent: Mandates timely application of the vendor patch that closes the Active Directory certificate-validation vulnerability.