The Cybersecurity and Infrastructure Security Agency has temporarily removed the Windows Local Security Authority (LSA) Spoofing flaw, tracked as CVE-2022-26925, from its Known Exploited Vulnerabilities Catalog following a problematic fix issued by Microsoft, reports ZDNet.
The fixes Microsoft issued for the security bug could trigger authentication failures, prompting the flaw's removal from CISA's catalog. Microsoft had noted that an unauthenticated attacker exploiting the flaw could call a method on the LSARPC interface and coerce a domain controller into authenticating to them over NTLM.
"After installing the May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller," said CISA.