From sentinelone.com
Microsoft released a Windows security update in May 2022, disclosing CVE-2022-26923 Active Directory Domain Services Elevation of privilege vulnerability. The CVE-2022-26923 allows a lower privileged user to acquire a certificate from Active Directory Certificate Services (AD CS) and escalate privileges to the domain controller. However, issues with the update may have prevented some organizations from updating at the time, while others may have been unable to update due to local dependency or compatibility reasons.