H3-2022-0086

Domain User with Local Administrator Privileges

Description

A regular domain user account was found to have local administrator privileges on a machine.

Impact

Attackers can exploit this weakness to carry out privileged actions such as dumping credentials, disabling anti-virus, and adding accounts.

References

• Implementing Least-Privilege Administrative Models