Microsoft has urged users to apply the patches it released in November for two security vulnerabilities in Active Directory domain controllers. The company stepped up its messaging after a proof-of-concept video was made available on December 12.
The two vulnerabilities, tracked as CVE-2021-42278 and CVE-2021-42287, have been rated 7.5 out of 10 on the severity scale. They are privilege-escalation flaws affecting the Active Directory Domain Services (AD DS) component. Andrew Bartlett of Catalyst IT identified and reported them.
Microsoft's original assessment rated the flaws "Exploitation Less Likely", but the availability of a PoC has created a clamor for patching them before they can be exploited.
CVE-2021-42278 allows an attacker to tamper with the SAM-Account-Name attribute, which identifies the account used to log a user into systems in the Active Directory domain; CVE-2021-42287 enables impersonation of domain controllers, allowing a bad actor who holds ordinary domain user credentials to gain access as a domain administrator.
“When combining these two vulnerabilities, an attacker can create a straight path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates,” Microsoft’s senior product manager Daniel Naim said. “This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.”
The Redmond-based company has also provided a step-by-step guide to help users ascertain if the vulnerabilities might have been exploited in their environments. “As always, we strongly advise deploying the latest patches on the domain controllers as soon as possible,” Microsoft said.
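As an added illustration of the kind of check an administrator can run while waiting for the patch window (this is example code written for this article, not Microsoft's guide or a script from the article), the PowerShell below looks for the two artefacts that tampering with a computer account's SAM-Account-Name tends to leave: a computer object whose name lacks the trailing `$` that Windows normally gives machine accounts, and Security event 4781 (account renamed) entries that strip that `$`. It assumes the RSAT ActiveDirectory module, read access to the domain, and that it is run on (or against the Security log of) a domain controller.

```powershell
# Added defensive check; assumes the RSAT ActiveDirectory module is installed
# and the session can read the domain and the DC Security log.
Import-Module ActiveDirectory

# 1. Machine accounts are created with a trailing '$' in sAMAccountName.
#    A computer object without it is worth reviewing by hand.
function Get-ComputersMissingDollar {
    Get-ADComputer -Filter * -Properties sAMAccountName, whenChanged, whenCreated |
        Where-Object { $_.sAMAccountName -notlike '*$' } |
        Select-Object Name, sAMAccountName, whenCreated, whenChanged
}

# 2. Event 4781 records every account rename. Flag renames that turn a
#    machine-style name (ending in '$') into one without it, and show who
#    performed the rename so the change can be traced back to a principal.
function Get-SuspiciousRenames {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4781; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($field in $xml.Event.EventData.Data) { $data[$field.Name] = $field.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                OldName = $data['OldTargetUserName']
                NewName = $data['NewTargetUserName']
                Actor   = $data['SubjectUserName']
            }
        } |
        Where-Object { $_.OldName -like '*$' -and $_.NewName -notlike '*$' }
}

"Computer accounts whose sAMAccountName lacks a trailing '$':"
Get-ComputersMissingDollar | Format-Table -AutoSize

"Renames in the last 30 days that removed the trailing '$':"
Get-SuspiciousRenames | Format-Table -AutoSize
```

Either list being non-empty is a prompt for investigation, not proof of compromise; a hit should be reconciled against change records before drawing conclusions, and patching the domain controllers remains the actual fix.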