Microsoft Active Directory critical vulnerability
This live blog contains information regarding vulnerabilities in Microsoft Active Directory. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update December 21, 2021
17:00 | During the November Patch Tuesday, Microsoft released a patch for two new vulnerabilities: CVE-2021-42287 and CVE-2021-42278. On the 12th of December 2021, a proof-of-concept exploit was disclosed. When these two vulnerabilities are combined, a malicious entity can escalate the privileges of a compromised user account to Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.
We strongly advise you to install the available updates.
Background
On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate the privileges of a normal user account to those of an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller. All Windows Server operating systems since Windows Server 2008 are vulnerable. Install the patch. Microsoft has released updates for all affected operating systems, including the end-of-life Windows 2008 and Windows 2008 R2.
Risk
During the November Patch Tuesday on the 8th of November 2021, Microsoft released a patch for two new vulnerabilities: CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities have a CVSS score of 8.8. The CVSS scale runs from 0 to 10.
On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate privilege of a normal user account to an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.
Advice
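To follow up on the advice to install the updates, the PowerShell audit below is an added example, not part of the original advisory or Microsoft's tooling. It assumes the ActiveDirectory RSAT module and remote read access to each Domain Controller. It flags controllers with no update installed since the release date given in this post, and lists computer accounts whose sAMAccountName lacks the trailing $ that the linked KB5008102 hardening enforces.

```powershell
# Added example: audit script, not code from the original advisory.
# Assumes the ActiveDirectory module (RSAT) and rights to query each DC remotely.
Import-Module ActiveDirectory

# Release date of the fixes as stated in this post.
$patchDate = Get-Date '2021-11-08'

# 1. Flag Domain Controllers that have no update installed since the release date.
#    A recent install date does not prove the right update is present, so those
#    hosts are marked for verification against the MSRC update guide.
$dcReport = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $latest = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn |
            Select-Object -Last 1
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            LatestHotFix     = $latest.HotFixID
            InstalledOn      = $latest.InstalledOn
            Status           = if ($latest -and $latest.InstalledOn -ge $patchDate) {
                                   'Verify KB against MSRC update guide'
                               } else {
                                   'MISSING: no update since release date'
                               }
        }
    } catch {
        # Unreachable or access denied: report it instead of silently skipping.
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            LatestHotFix     = $null
            InstalledOn      = $null
            Status           = "UNKNOWN: $($_.Exception.Message)"
        }
    }
}
$dcReport | Format-Table -AutoSize

# 2. List computer accounts whose sAMAccountName does not end in '$'.
#    Any result should be reviewed: who created or renamed it, and when.
Get-ADComputer -Filter 'sAMAccountName -notlike "*$"' -Properties whenCreated, whenChanged |
    Select-Object Name, SamAccountName, whenCreated, whenChanged |
    Format-Table -AutoSize
```

A controller marked "Verify" still needs its installed KB compared with the update listed for its operating system in the MSRC pages under Sources.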
Sources
More information:
- https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
- https://support.microsoft.com/en-us/topic/kb5008102-active-directory-security-accounts-manager-hardening-changes-cve-2021-42278-5975b463-4c95-45e1-831a-d120004e258e
- https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
- https://support.microsoft.com/en-us/topic/november-14-2021-kb5008602-os-build-17763-2305-out-of-band-8583a8a3-ebed-4829-b285-356fb5aaacd7