NVD disclosure day

Published threat advisories for May 10, 2022

CVE-2022-26925

Windows LSA Spoofing Vulnerability Poses Risk to Organizations.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Windows LSA allows attackers to impersonate systems and authenticate to networks. This poses a risk to organizations by potentially enabling unauthorized access and the compromise of sensitive data. Affected organizations should address this vulnerability to mitigate business impact.

NVD published: May 10, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-26923

Microsoft Active Directory Privilege Escalation Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Microsoft Active Directory Domain Services allows an authenticated user to escalate privileges to SYSTEM. This could impact organizational systems and data by enabling unauthorized control. Business risk is elevated due to the potential for significant compromise.

NVD published: May 10, 2022 • CISA KEV