by Ben Barnea

Executive summary

Akamai researcher Ben Barnea found an important vulnerability in the Windows Server service that was assigned CVE-2022-30216 and a base score of 8.8.

The vulnerability takes advantage of an off-by-one error in a security callback procedure that the Server service implements.

We confirmed that the vulnerability exists in unpatched Windows 11 and Windows Server 2022 machines.

When combined with a New Technology LAN Manager (NTLM) relay attack on the Active Directory Certificate Services (AD CS), the vulnerability gives an attacker with domain credentials the ability to run code remotely on the domain controller.

We also believe that an attacker might be able to use this technique to modify a server’s certificate mapping and therefore perform server spoofing.

The vulnerability was responsibly disclosed to Microsoft and addressed in July’s Patch Tuesday.…