DCOM DLL Hijacking
We recently discovered the following DCOM classes that are subject to DLL hijacking. If an attacker can write to the associated path, they can move laterally by instantiating the COM object. Some classes have additional DLL hijackin… https://t.co/mCOKUf3axn
The first blog post is here. This one covers the technical details of CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability).
The vulnerability was patched as part of the May 2022 Security Updates from Microsoft.
https://t.co/MJKEoZTuo2
Nice finding!
Note that this is also a UAC bypass.
Finally eventvwr is giving again free UAC bypasses like the good old time of the mscfile hijacking :D
GG WP
Introducing KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
All credits go to @tiraniddo@cube0x0@harmj0y, most of the code was taken from their tools.
https://t.co/gyTmaITNin