Security Awareness – Active Directory Vulnerabilities Could Allow for Easy Takeover of Windows Domain, Microsoft Warns

Yesterday, Microsoft encouraged customers to patch two Windows Active Directory domain service privilege escalation vulnerabilities that, combined, permit threat actors to effortlessly takeover Windows domains. Microsoft released patches for these vulnerabilities, tracked as CVE-2021-42287 and CVE-2021-42278, during its November security updates. Last week, a proof-of-concept tool leveraging these vulnerabilities was shared on public forums. According to a Microsoft report on these vulnerabilities, “when combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates. This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.” Additionally, the Microsoft report provides detection information and signs of compromise for network defender teams. Read more at BleepingComputer or access the original post at Microsoft.