By zerosday cve bot • July 1, 2022
CVE-2022-26925: Microsoft Windows LSA Spoofing Vulnerability (Pentest Lab Guide)

CVE-2022-26925: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-22T23:00:03.533Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
Windows LSA Spoofing Vulnerability
Technical Details
- CVE: CVE-2022-26925
- KEV date added: 2022-07-01
- KEV due date: 2022-07-22
- NVD published: 2022-05-11
- NVD modified: 2025-10-30
- MITRE modified: 2025-10-21
- CVSS base score: 8.1
- CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 2.2
- CVSS impact score: 5.9
- Attack vector: Network
- Attack complexity: High
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 1507 (versions: < 10.0.10240.19297)
- microsoft / windows 10 1607 (versions: < 10.0.14393.5125)
- microsoft / windows 10 1809 (versions: < 10.0.17763.2928)
- microsoft / windows 10 1909 (versions: < 10.0.18363.2274)
- microsoft / windows 10 20h2 (versions: < 10.0.19042.1706)
- microsoft / windows 10 21h1 (versions: < 10.0.19043.1706)
- microsoft / windows 10 21h2 (versions: < 10.0.19044.1706)
- microsoft / windows 11 21h2 (versions: < 10.0.22000.675)
- microsoft / windows 7
- microsoft / windows 8.1
- microsoft / windows rt 8.1
- microsoft / windows server 2008
- microsoft / windows server 2008 (versions: r2)
- microsoft / windows server 2012
- microsoft / windows server 2012 (versions: r2)
- microsoft / windows server 2016 (versions: < 10.0.14393.5125)
- microsoft / windows server 2019 (versions: < 10.0.17763.2928)
- microsoft / windows server 2022 (versions: < 10.0.20348.707)
- microsoft / windows server 20h2 (versions: < 10.0.19042.1706)
- Microsoft / Windows 10 Version 1809 (versions: 10.0.17763.0)
Weakness Classification
- CWE-306
Repositories for Lab Validation (Public Examples)
- xairy/linux-kernel-exploitation | stars: 6387 | updated: 2026-03-21 | https://github.com/xairy/linux-kernel-exploitation
  Notes: A collection of links related to Linux kernel security and exploitation
- Ostorlab/KEV | stars: 607 | updated: 2026-03-16 | https://github.com/Ostorlab/KEV
  Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
- laotun-s/POC | stars: 1 | updated: 2024-09-27 | https://github.com/laotun-s/POC
People and Organizations Mentioned
- microsoft
- Windows
- xairy
- Ostorlab
- laotun-s
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Inventory Microsoft Windows 10 1507 assets (versions < 10.0.10240.19297), along with the other products listed under Versions and Products Impacted, and confirm exact vulnerable versions with automated checks.
- Patch in staged environments and validate closure with scanners + service health checks.
- Map detections to MITRE ATT&CK tactics relevant to your environment and tune alert quality.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2022-26925
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2022-26925
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.; https://nvd.nist.gov/vuln/detail/CVE-2022-26925
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26925
- Repository example: https://github.com/xairy/linux-kernel-exploitation
- Repository example: https://github.com/Ostorlab/KEV
- Repository example: https://github.com/laotun-s/POC
This content is for defensive security training and authorized validation only.
