From neowin.net
Microsoft patched a Windows Local Security Authority (LSA) spoofing vulnerability being tracked under CVE-2022-26925 with its latest Patch Tuesday updates. The high severity flaw enabled unauthenticated attackers to call a method anonymously and force the Domain Controller (DC) to authenticate them via NTLM. In the worst case, this could lead to elevation of privilege and an attacker taking control of your entire domain.