December 17, 2022Rabbi LakshmananServer Security / Network Security

Samba has released software updates that fix multiple vulnerabilities. Exploitation of this vulnerability could allow an attacker to gain control of the affected system.

High severity defects tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141patched in versions 4.17.4, 4.16.8, and 4.15.13. release December 15, 2022.

Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that provides file server, printing, and Active Directory services.

cyber security

A brief description of each weakness follows:

  • CVE-2022-38023 (CVSS score: 8.1) – use of weak RC4-HMAC Kerberos encryption type NetLogon Secure Channel
  • CVE-2022-37966 (CVSS score: 8.1) – Elevation of privilege vulnerability in Windows Kerberos RC4-HMAC
  • CVE-2022-37967 (CVSS Score: 7.2) – Windows Kerberos Elevation of Privilege Vulnerability
  • CVE-2022-45141 (CVSS score: 8.1) – Using RC4-HMAC encryption when issuing Kerberos tickets on Samba Active Directory domain controllers (AD DC) using Heimdall

It is worth noting that both CVE-2022-37966 When CVE-2022-37967The vulnerability, which allows adversaries to gain administrative privileges, was first disclosed by Microsoft as part of the November 2022 Patch Monthly Update.

“An unauthenticated attacker could exploit vulnerabilities in the cryptographic protocols of RFC 4757 (Kerberos Cryptographic Type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure Specification) to compromise the Windows AD environment. may perform an attack that bypasses the security features of .” the company said of CVE-2022-37966.

A patch will also be made available to the US Cybersecurity and Infrastructure Security Agency (CISA) this week. It was published 41 Industrial Control Systems (ICS) advisories for various defects affecting Siemens and Prosys OPC products.

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog