CVE-2022-26925: Microsoft Windows LSA Spoofing Vulnerability. Microsoft
Microsoft Windows LSA Spoofing Vulnerability. Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
- CISA KEV-listed (remediation due 2022-07-22)
- EPSS 37.4% (97.3% percentile)