Active Directory bugs could allow hackers to take control of Windows domain controllers

Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it fixed in its November updates.

Active Directory is a directory service that runs on Microsoft Windows Server and is used for identity and access management. Although Microsoft rated both flaws "Exploitation Less Likely" in its Exploitability Index assessment, the public availability of the PoC has prompted renewed calls to apply the fixes before threat actors weaponize them.

The two flaws, tracked as CVE-2021-42278 and CVE-2021-42287, each carry a CVSS severity rating of 7.5 out of 10 and are both elevation-of-privilege vulnerabilities in the Active Directory Domain Services (AD DS) component. Andrew Bartlett of Catalyst IT is credited with discovering and reporting both problems.

CVE-2021-42278 is a sAMAccountName spoofing flaw: the domain controller did not properly validate the SAM-Account-Name attribute, the logon name used to identify an account within the Active Directory domain, so an attacker who controls a computer account could rename it to mimic a domain controller's account (computer account names normally end in "$", and it is that convention the server failed to enforce). CVE-2021-42287 is a flaw in how the Kerberos Key Distribution Center handles a ticket request for an account name that no longer exists; by appending "$" and looking the name up again, the KDC could be induced to issue a service ticket for the domain controller's own account, effectively letting the attacker impersonate the domain controller. Chained together, the two bugs allow an attacker holding nothing more than ordinary domain user credentials to obtain Domain Admin-level access.

The Redmond-based company has also published a step-by-step guide to help customers determine whether the vulnerabilities may already have been exploited in their environments. "As always, we strongly advise deploying the latest patches on the domain controllers as soon as possible," Microsoft said.
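The checks below are an added example of the kind of hunt the article refers to; they are not Microsoft's published guidance script and not the PoC tool. The script looks for the two artefacts this attack chain leaves behind in a domain: computer accounts whose sAMAccountName does not end in "$", and Security-log evidence of a computer account being created and then renamed by the same principal. It assumes the ActiveDirectory RSAT module is installed, that the "Audit Computer Account Management" subcategory is enabled on the domain controllers (otherwise events 4741 and 4742 are never written), and that it runs with rights to read the domain controller's Security log. Event field names (`SamAccountName`, `TargetUserName`, `SubjectUserName`) are those of the Windows Security event schema; the seven-day window and function names are the example's own choices.

```powershell
# Added example: hunting for sAMAccountName spoofing (CVE-2021-42278 / CVE-2021-42287)
# residue on a domain controller. Not Microsoft's guidance script; see lead-in for assumptions.
Import-Module ActiveDirectory

# Turn a Security event's XML payload into a hashtable of EventData fields.
function ConvertFrom-EventXml {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    return $data
}

# 1. Computer objects whose sAMAccountName lacks the trailing '$'.
#    The CVE-2021-42278 fix enforces the suffix, so any remaining object is either
#    a leftover from an attack or an unusual manual rename that deserves review.
#    Single quotes keep '$' literal; in LDAP filters '*$' means "ends with $".
function Get-SuspiciousComputerNames {
    Get-ADComputer -LDAPFilter '(!(sAMAccountName=*$))' -Properties sAMAccountName, whenChanged |
        Select-Object Name, sAMAccountName, whenChanged
}

# 2. Event 4742 ("A computer account was changed") where the SAM account name itself
#    was modified. 4742 fills SamAccountName with '-' when that attribute was untouched,
#    so filtering on it isolates renames from routine attribute updates.
function Get-ComputerRenameEvents {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4742; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertFrom-EventXml -Event $_
            if ($d['SamAccountName'] -and $d['SamAccountName'] -ne '-') {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    Computer   = $d['TargetUserName']   # account being changed
                    NewSamName = $d['SamAccountName']   # value it was renamed to
                    ChangedBy  = $d['SubjectUserName']  # who performed the change
                }
            }
        }
}

# 3. Event 4741 ("A computer account was created"): who created machine accounts.
#    By default any authenticated user may create up to ms-DS-MachineAccountQuota
#    (10) computer objects, which is how a plain domain user obtains an account to rename.
function Get-ComputerCreationEvents {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4741; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertFrom-EventXml -Event $_
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Computer  = $d['TargetUserName']
                CreatedBy = $d['SubjectUserName']
            }
        }
}

# Correlate: a machine account created and then renamed by the same principal within
# the window is the signature of the create/rename/request-TGT/rename-back sequence.
function Find-CreateThenRename {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $created = @(Get-ComputerCreationEvents -Since $Since)
    $renamed = @(Get-ComputerRenameEvents   -Since $Since)
    foreach ($c in $created) {
        $renamed |
            Where-Object { $_.Computer -eq $c.Computer -and $_.ChangedBy -eq $c.CreatedBy -and $_.Time -gt $c.Time } |
            Select-Object @{ n = 'Computer';  e = { $c.Computer } },
                          @{ n = 'Principal'; e = { $c.CreatedBy } },
                          @{ n = 'Created';   e = { $c.Time } },
                          @{ n = 'Renamed';   e = { $_.Time } },
                          NewSamName
    }
}

# Current value of the quota that lets ordinary users create machine accounts.
function Get-MachineAccountQuota {
    $domainDn = (Get-ADDomain).DistinguishedName
    (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
}

Write-Host "ms-DS-MachineAccountQuota: $(Get-MachineAccountQuota)"
Get-SuspiciousComputerNames | Format-Table -AutoSize
Find-CreateThenRename       | Format-Table -AutoSize
```

Run it on, or against, each domain controller, since 4741/4742 are written on the DC that processed the change and are not replicated. An empty result does not prove the domain was never attacked: an attacker renames the account back to its original "$"-suffixed name at the end of the sequence, so check 1 only catches interrupted attempts, and checks 2 and 3 depend on the audit policy having been enabled before the event window. Lowering the quota to 0 removes the default ability of any authenticated user to create the machine account the chain relies on, but it is a hardening step alongside the patches, not a substitute for them.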

“When combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates,” Microsoft’s senior product manager Daniel Naim said. “This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.”

Microsoft is urging customers to apply patches issued in November for two Active Directory domain controller bugs, following publication of a proof-of-concept tool that leverages these bugs, which when chained can allow easy Windows domain takeover.

The vulnerabilities tracked as CVE-2021-42287 and CVE-2021-42278 allow…