Thanks so much. The CVE is listed as being for "Windows Kerberos".
Are there any updates public for MS-KILE and MS-ADTS for CVE-2022-26931 and CVE-2022-26923 yet?

I realise the balance on disclosure here, but it would be awesome to have the canonical protocol changes documented before my SambaXP talk next week - 31 May - so I can talk about it more freely and concretely given there are now public exploits for what they are calling "Certifried" (the dnsHostName version of the attack).

https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

I'm particularly interested in more details on the cryptic line in https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16

> Additionally, conflicts between User Principal Names (UPN) and
> sAMAccountName introduced other emulation (spoofing) vulnerabilities
> that we also address with this security update.

Did Microsoft follow Samba and make implicit UPNs (from samAccountName) have to be unique against userPrincipalName attributes or is this just a note that there are still dragons here?

Thanks!

Andrew Bartlett

On Thu, 2022-05-12 at 18:20 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> The Errata is updated for the CVE-2022-26931.
> The links to changes are as follows:
>
> * MS-CRTD: [MS-WINERRATA]: Certificate Templates Structure | Microsoft Docs
>   https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/6898053e-8726-4209-ade2-37f8b0474c99
>
> * MS-WCCE: [MS-WINERRATA]: Windows Client Certificate Enrollment Protocol | Microsoft Docs
>   https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c39fd72a-da21-4b13-b329-c35d61f74a60
>
> Please try these links and let us know if you still can't see the
> changes.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Sreekanth Nadendla <srena...@microsoft.com>
> Sent: Tuesday, May 10, 2022 9:09 PM
> To: Andrew Bartlett <abart...@samba.org>
> Cc: cifs-protocol mailing list <cifs-protocol@lists.samba.org>
> Subject: Can I please get any doc updates for
> https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931
> - TrackingID#2205110040000723
>
> Dochelp in Bcc
>
> Hello Andrew, thank you for your question about open specifications
> concerning CVE-2022-26931. We have created incident 2205110040000723
> to track the investigation for this issue.
>
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open Specifications
>
> -----Original Message-----
> From: Andrew Bartlett <abart...@samba.org>
> Sent: Tuesday, May 10, 2022 5:39 PM
> To: Interoperability Documentation Help <doch...@microsoft.com>
> Cc: cifs-protocol mailing list <cifs-protocol@lists.samba.org>
> Subject: [EXTERNAL] Can I please get any doc updates for
> https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931
>
> Kia Ora Dochelp,
>
> Can you please point me at the protocol Doc updates for
> CVE-2022-26931 please, as no errata is showing at
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winprotlp/8a9c667b-2825-46a8-8066-a80681233c33
> and I believe it is important for Samba to be able to mitigate this
> issue also.
>
> Thanks!
>
> Andrew Bartlett
> --
> Andrew Bartlett (he/him)
> https://samba.org/~abartlet/
> Samba Team Member (since 2001)
> https://samba.org/
> Samba Team Lead, Catalyst IT
> https://catalyst.net.nz/services/samba
>
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
>

--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source Solutions