The Hacker NewsTHN:9C12FFDB69779929861327CF77B13726Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12.
The two vulnerabilities â tracked as CVE-2021-42278 and CVE-2021-42287 â have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the Active Directory Domain Services (AD DS) component. Credited with discovering and reporting both the bugs is Andrew Bartlett of Catalyst IT.
Active Directory is a directory service that runs on Microsoft Windows Server and is used for identity and access management. Although the tech giant marked the shortcomings as âexploitation Less Likelyâ in its assessment, the public disclosure of the PoC has prompted renewed calls for applying the fixes to mitigate any potential exploitation by threat actors.
While CVE-2021-42278 enables an attacker to tamper with the SAM-Account-Name attribute, which is used to log a user into systems in the Active Directory domain, CVE-2021-42287 makes it possible to impersonate the domain controllers. This effectively grants a bad actor with domain user credentials to gain access as a domain admin user.
âWhen combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasnât applied these new updates,â Microsoftâs senior product manager Daniel Naim said. âThis escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.â
The Redmond-based company has also provided a step-by-step guide to help users ascertain if the vulnerabilities might have been exploited in their environments. âAs always, we strongly advise deploying the latest patches on the domain controllers as soon as possible,â Microsoft said.
Found this article interesting? Follow THN on Facebook, Twitter ď and LinkedIn to read more exclusive content we post.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P