SUSE CVE-2018-16853

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore t...

SUSE CVE-2018-16860

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name...

SUSE CVE-2019-3870

A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner root only access. However in some...

SUSE CVE-2019-12435

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server dnsserver RPC server process...

SUSE CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...

SUSE CVE-2022-0336

The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...

Active Directory Certificate Services (ADCS) privilege escalation (Certifried)

This module exploits a privilege escalation vulnerability in Active Directory Certificate Services ADCS to generate a valid certificate impersonating the Domain Controller DC computer account. This certificate is then used to authenticate to the target as the DC account using PKINIT...

Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging

This module forges a Kerberos ticket. Four different techniques can be used: - Silver ticket: Using a service account hash, craft a ticket impersonating any user and privileges to that account. - Golden ticket: Using the krbtgt hash, craft a ticket impersonating any user and privileges. - Diamond...

November 8, 2022—KB5019970 (OS Build 10240.19567) - EXPIRED

November 8, 2022—KB5019970 OS Build 10240.19567 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

OESA-2023-1017 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DC...

Autobloody - Tool To Automatically Exploit Active Directory Privilege Escalation Paths Shown By BloodHound

autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound. Description This tool automates the AD privesc between two AD objects, the source the one we own and the target the one we want if a privesc path exists in BloodHound database. The...

Amazon Linux 2022 : samba (ALAS2022-2022-224)

The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-224 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the...

Failed to Publish FAS Certificate Template with "RPC server unavailable. 0x800706ba"

Failed to publishFAS certificate Template with"An error occurred: CCertAdmin::GetCAProperty:RPC server unavailable. 0x800706ba". On Domain Controller,there is an error message in Event Log "RPCCAUTHNLEVELPKTINTEGRITY"and EventID is 10036...

KB5021652: Out-of-band update for Windows Server 2012: November 17, 2022

KB5021652: Out-of-band update for Windows Server 2012: November 17, 2022 Summary This update includes improvements for the following: Addresses a known issue that affects Windows Servers that have the Domain Controller DC role. They might have Kerberos authentication issues if both of the followi...

November 17, 2022—KB5021654 (OS Build 14393.5502) Out-of-band

November 17, 2022—KB5021654 OS Build 14393.5502 Out-of-band 10/11/22 IMPORTANT On January 10, 2023, the public extension for servicing devices that have the Intel Atom Clover Trail processor will end. The January 10, 2023 security update is the last update for these devices. After that date, they...

BumbleBee leverages Zerologon to get Domain Controller Access

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Since May 2022, threat actors are leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK and a DLL. Using...

Exploitation of Follina leads to takeover of domain controller

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The recent incident is related to TA570, wherein the attackers exploited the Follina vulnerability CVE-2022-30190 to compromise the Domain Controller and eventually gain access to confidential files...

Buffer overflow in Heimdal unwrap_des3()

Description The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet. Examples of where Samba can use GSSAPI include the client and...

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team DART responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures TTPs as most network security postures increase. In this blog, we detail a...

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team DART responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures TTPs as most network security postures increase. In this blog, we detail a...