Microsoft disclosed the new threat as part of its May 2022 ‘Patch Tuesday’ update, which contains fixes for 75 flaws across its products and platforms, including three zero-day vulnerabilities (1, 2, 3). Of the three, the big news is CVE-2022-26925, which has been actively exploited and impacts every Windows version, from the old Windows 7 all the way to the new Windows 11, as well as all Windows Server versions.
As it stands, Microsoft is limiting information about the zero-day. It has described the flaw only in general terms and confirmed that it has been exploited in the wild: “Publicly Disclosed: Yes. Exploited: Yes. Latest Software Release: Exploitation Detected.”
The key thing to understand about CVE-2022-26925 is that it allows hackers to gain elevated privileges (admin privileges), right up to the identity of a domain controller. This is the “Holy Grail” for hackers because it gives them the right to perform any action on your PC. In isolation, Microsoft has assigned the flaw a CVSS severity rating of 8.1/10, but this can rise to 9.8/10 when it is used in conjunction with attacks on other computers and servers on a network.