On May 10th, 2022, Microsoft published CVE-2022-26925, a Windows LSA spoofing vulnerability that was already being exploited as a zero-day. An unauthenticated attacker can call a method on the LSARPC interface and coerce a domain controller into authenticating to the attacker with NTLM; that coerced authentication can then be relayed, for example to Active Directory Certificate Services (AD CS). The vulnerability is rated high attack complexity because exploiting it requires both a man-in-the-middle (MitM) position and an NT LAN Manager (NTLM) relay attack.
https://cve.report/CVE-2022-26925
Release : 14.3
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
My team reviewed the CVE report and explored Microsoft's articles on this, specifically:
https://msrc.microsoft.com/update-guide/vulnerability/ADV210003
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
and:
https://msrc-blog.microsoft.com/2009/12/08/extended-protection-for-authentication/
Per these documents, this appears to be a vulnerability within Windows. The mitigation actions apply to both the Windows servers and the Windows clients, and we do not see any actions that would need to be performed in our software, or that could be performed in our software, to prevent this exploitation.
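The Microsoft documents referenced above describe the server-side hardening for the NTLM relay half of this attack: on the AD CS web endpoints, Windows Authentication must have Extended Protection for Authentication (EPA) set to "Require" and the endpoint must require SSL, and NTLM should be restricted where possible. The following PowerShell script is an added example for auditing (and, with -Remediate, applying) those settings; it is not part of this article and is not CA Identity Suite code. It assumes Web Enrollment lives at 'Default Web Site/CertSrv' (the AD CS default); any Certificate Enrollment Web Service (CES) application path must be supplied by you, the placeholder name below is hypothetical. Run it elevated on the AD CS server.

```powershell
# Added example, not from the KB article or CA Identity Suite.
# Audits the KB5005413 / ADV210003 hardening on AD CS IIS applications:
#   1. Windows Authentication -> Extended Protection = Require (tokenChecking)
#   2. SSL required on the application (sslFlags contains Ssl), so a channel binding token exists
#   3. Informational: the LSA "Restrict NTLM: Incoming NTLM traffic" policy value
# ASSUMPTION: 'Default Web Site/CertSrv' is the default Web Enrollment path; the CES
# path is site specific, so pass it via -AppPaths (e.g. '<CAName>_CES_Kerberos').
[CmdletBinding()]
param(
    [string]$SiteName   = 'Default Web Site',
    [string[]]$AppPaths = @('CertSrv'),
    [switch]$Remediate
)

Import-Module WebAdministration -ErrorAction Stop

$appHost   = 'MACHINE/WEBROOT/APPHOST'
$epaFilter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
$sslFilter = 'system.webServer/security/access'

$results = foreach ($app in $AppPaths) {
    $loc = "$SiteName/$app"

    # Read the effective configuration for this application path.
    $epa = Get-WebConfiguration -PSPath $appHost -Location $loc -Filter $epaFilter
    $ssl = Get-WebConfiguration -PSPath $appHost -Location $loc -Filter $sslFilter

    $epaOk = ($epa.tokenChecking -eq 'Require')   # 'None' or 'Allow' still permit relay
    $sslOk = ("$($ssl.sslFlags)" -match 'Ssl')    # EPA's channel binding needs TLS

    if ($Remediate) {
        if (-not $epaOk) {
            Set-WebConfigurationProperty -PSPath $appHost -Location $loc -Filter $epaFilter `
                -Name tokenChecking -Value 'Require'
        }
        if (-not $sslOk) {
            Set-WebConfigurationProperty -PSPath $appHost -Location $loc -Filter $sslFilter `
                -Name sslFlags -Value 'Ssl'
        }
        # Re-read after the change so the report shows the applied state.
        $epa = Get-WebConfiguration -PSPath $appHost -Location $loc -Filter $epaFilter
        $ssl = Get-WebConfiguration -PSPath $appHost -Location $loc -Filter $sslFilter
        $epaOk = ($epa.tokenChecking -eq 'Require')
        $sslOk = ("$($ssl.sslFlags)" -match 'Ssl')
    }

    [pscustomobject]@{
        Application        = $loc
        ExtendedProtection = $epa.tokenChecking
        SslFlags           = "$($ssl.sslFlags)"
        Compliant          = ($epaOk -and $sslOk)
    }
}

$results | Format-Table -AutoSize

# Informational: "Network security: Restrict NTLM: Incoming NTLM traffic".
# 0 = allow all, 1 = deny all domain accounts, 2 = deny all accounts. ADV210003
# recommends disabling NTLM where the environment can tolerate it; not changed here.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -ErrorAction SilentlyContinue
$incoming = if ($null -ne $lsa.RestrictReceivingNTLMTraffic) { $lsa.RestrictReceivingNTLMTraffic } else { 'not set (0)' }
Write-Host "RestrictReceivingNTLMTraffic: $incoming"

if ($results | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more AD CS web applications still accept relayed NTLM authentication.'
}
```

Two caveats from the same Microsoft guidance: for CES, Microsoft additionally requires editing the application's web.config to set the transport's extendedProtectionPolicy to policyEnforcement="Always", which this script does not do; and tightening EPA or the NTLM policy can break clients that authenticate through proxies or older stacks, so audit first (without -Remediate) and test before enforcing on production CAs.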
This link indicates that the CVE was temporarily removed from CISA's Known Exploited Vulnerabilities catalog and directs you to apply the Microsoft patches on each client machine:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/13/cisa-temporarily-removes-cve-2022-26925-known-exploited