Microsoft Warns of AD CS Vulnerability Let Attackers Deny Service Over a Network
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network.
The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and has been assigned an “Important” severity rating with a CVSS score of 6.5/5.7.
The security flaw stems from improper input validation in Active Directory Certificate Services, a critical Windows role that enables organizations to issue and manage digital certificates for internal security purposes.
Microsoft AD CS Improper Input Validation Flaw
The issue is categorized under CWE-20, Microsoft’s technical documentation indicates that “Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network”.
When exploited, attackers can cause the AD CS service to become unresponsive, potentially disrupting authentication processes, secure communications, and other certificate-dependent operations across an organization’s infrastructure.
According to Microsoft’s security bulletin, the vulnerability in the CVSS vector string indicates that this vulnerability can be exploited over a network with low attack complexity and requires low privileges.
No user interaction is necessary for exploitation, and while the vulnerability doesn’t impact confidentiality or integrity , it can severely affect availability .
Researchers note that this vulnerability is concerning because an authenticated attacker with relatively low privileges could potentially disrupt certificate services across an entire organization.
Risk Factors Details Affected Products– Windows Server 2022 (including 23H2 Edition) – Windows Server 2019 – Windows Server 2016 – Windows Server 2012/2012 R2 – Windows Server 2008/2008 R2 ImpactDenial of Service (DoS) via AD CS service disruption Exploit Prerequisites– Low-privileged authenticated access – Active Directory Certificate Services (AD CS) role enabled CVSS 3.1 Score6.5 (Important)
Affected Systems
The vulnerability impacts multiple Windows Server versions, including:
Both standard and Server Core installations are affected, as detailed in Microsoft’s advisory. The vulnerability specifically targets the AD CS role when enabled on these servers.
Patches Released
Microsoft has released security updates to address this vulnerability. IT administrators are advised to apply the appropriate patches based on their Windows Server version. For example:
Microsoft has assessed the exploitability as “Exploitation Unlikely” and confirmed that the vulnerability has not been publicly disclosed or exploited in the wild. Nevertheless, security teams should remain vigilant.
The anonymous security researcher who discovered and reported this vulnerability through coordinated disclosure has been acknowledged by Microsoft in their security bulletin.
Organizations utilizing Active Directory Certificate Services are advised to implement the relevant security updates as part of their regular patch management process.
#Cyber_Security #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Microsoft Warns of AD CS Vulnerability Let Attackers Deny Service Over a Network
Author: Guru BaranMicrosoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network.
The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and has been assigned an “Important” severity rating with a CVSS score of 6.5/5.7.
The security flaw stems from improper input validation in Active Directory Certificate Services, a critical Windows role that enables organizations to issue and manage digital certificates for internal security purposes.
Microsoft AD CS Improper Input Validation Flaw
The issue is categorized under CWE-20, Microsoft’s technical documentation indicates that “Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network”.
When exploited, attackers can cause the AD CS service to become unresponsive, potentially disrupting authentication processes, secure communications, and other certificate-dependent operations across an organization’s infrastructure.
According to Microsoft’s security bulletin, the vulnerability in the CVSS vector string indicates that this vulnerability can be exploited over a network with low attack complexity and requires low privileges.
No user interaction is necessary for exploitation, and while the vulnerability doesn’t impact confidentiality or integrity , it can severely affect availability .
Researchers note that this vulnerability is concerning because an authenticated attacker with relatively low privileges could potentially disrupt certificate services across an entire organization.
Risk Factors Details Affected Products– Windows Server 2022 (including 23H2 Edition) – Windows Server 2019 – Windows Server 2016 – Windows Server 2012/2012 R2 – Windows Server 2008/2008 R2 ImpactDenial of Service (DoS) via AD CS service disruption Exploit Prerequisites– Low-privileged authenticated access – Active Directory Certificate Services (AD CS) role enabled CVSS 3.1 Score6.5 (Important)
Affected Systems
The vulnerability impacts multiple Windows Server versions, including:
- Windows Server 2022 (including 23H2 Edition).
- Windows Server 2019.
- Windows Server 2016.
- Windows Server 2012/2012 R2.
- Windows Server 2008/2008 R2.
Both standard and Server Core installations are affected, as detailed in Microsoft’s advisory. The vulnerability specifically targets the AD CS role when enabled on these servers.
Patches Released
Microsoft has released security updates to address this vulnerability. IT administrators are advised to apply the appropriate patches based on their Windows Server version. For example:
- Windows Server 2022: KB5058385 (Security Update 10.0.20348.3692).
- Windows Server 2019: KB5058392 (Security Update 10.0.17763.7314).
- Windows Server 2016: KB5058383 (Security Update 10.0.14393.8066).
Microsoft has assessed the exploitability as “Exploitation Unlikely” and confirmed that the vulnerability has not been publicly disclosed or exploited in the wild. Nevertheless, security teams should remain vigilant.
The anonymous security researcher who discovered and reported this vulnerability through coordinated disclosure has been acknowledged by Microsoft in their security bulletin.
Organizations utilizing Active Directory Certificate Services are advised to implement the relevant security updates as part of their regular patch management process.
#Cyber_Security #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
