Two vulnerabilities in Microsoft Active Directory, used together, let an ordinary domain user elevate privileges to domain administrator and take over the entire domain. The number of public exploits is growing rapidly.
Used in combination
Microsoft has issued a warning about two serious vulnerabilities in Active Directory which, combined, can be used to take control of a domain…
Active Directory is a directory service: a distributed database of information about the objects on a network. It also serves as the authentication and authorization system for users and applications.
The vulnerabilities in question are CVE-2021-42287 and CVE-2021-42278, disclosed and patched in November 2021 and credited to Andrew Bartlett of Catalyst IT.
Chained together, the two bugs let an attacker impersonate a domain controller, the server that holds the directory and issues Kerberos tickets for the domain. CVE-2021-42278 allows the sAMAccountName of a computer account to be set without the trailing "$" that normally distinguishes machine accounts, and CVE-2021-42287 makes the KDC, when it cannot find the account named in a ticket, retry the lookup with a "$" appended. A ticket obtained for a computer account renamed to match a domain controller's name is therefore treated as belonging to that domain controller. The result is domain-administrator privileges, which means control of the entire domain.
Earlier, on December 11, 2021, a proof-of-concept exploit was published on Twitter and GitHub that elevates a standard Active Directory user to domain administrator, provided the domain runs with default settings (in particular the default machine account quota, which lets any authenticated user create computer accounts) and the patches are not installed.
Additional tooling followed, including a scanner and exploits written in C# and a Python exploit for Kali. Their number will obviously keep growing.
Patches for the bugs
Under CVSS 3.1, each vulnerability received a base score of 7.5 (High) and a temporal score of 6.5 (Medium), that is, a medium-to-high severity rating when assessed on its own.
Microsoft has also published detailed technical guidance for detecting signs of exploitation and identifying potentially compromised servers using Microsoft 365 Defender and its Advanced Hunting feature. The basic principle is to look for changes to the sAMAccountName of computer accounts, which the attack chain depends on, and in particular for renames to a name without the trailing "$" that mimics a domain controller; such modifications are recorded as Windows Security event 4662 on the affected object.
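The detection principle above, implemented as a small offline checker. This is an added example, not Microsoft's published Advanced Hunting query: it runs over a handful of constructed records whose field names follow the schemas of Security events 4781 (the name of an account was changed) and 4662 (an operation was performed on an object) but whose values are fictional, and it assumes an inventory of domain controller machine accounts (`DC_ACCOUNTS`) that a real deployment would pull from the directory. Beyond the single rename the text describes, it also flags the rename-and-revert pattern an attacker uses to cover the change and the 4662 write to the sAMAccountName attribute (identified by that attribute's schemaIDGUID) that accompanies it.

```python
"""Flag computer-account renames that mimic a domain controller (CVE-2021-42278/42287).

Added example, not Microsoft's Advanced Hunting query. Event records are constructed
to resemble Security events 4781 and 4662; the field names follow the event schemas,
the values are made up.
"""
from datetime import datetime, timedelta

# schemaIDGUID of the sAMAccountName attribute, as listed in the Properties field
# of a 4662 write event on a directory object.
SAMACCOUNTNAME_GUID = "3e0abfd9-126a-11d0-a060-00aa006c33ed"

# Assumed inventory of domain controller machine accounts (upper case for comparison).
DC_ACCOUNTS = {"DC01$", "DC02$"}

# Constructed sample events: one benign rename, then the attack pattern
# (sAMAccountName write on a fresh computer object, rename to "DC01", rename back).
SAMPLE_EVENTS = [
    {"EventID": 4781, "TimeCreated": "2021-12-12T10:00:05", "SubjectUserName": "jdoe",
     "OldTargetUserName": "WKS-0042$", "NewTargetUserName": "WKS-0043$"},
    {"EventID": 4662, "TimeCreated": "2021-12-12T10:15:00", "SubjectUserName": "lowpriv",
     "ObjectType": "computer", "ObjectName": "CN=FAKEPC,CN=Computers,DC=corp,DC=local",
     "AccessMask": "0x20", "Properties": "Write Property {" + SAMACCOUNTNAME_GUID + "}"},
    {"EventID": 4781, "TimeCreated": "2021-12-12T10:15:01", "SubjectUserName": "lowpriv",
     "OldTargetUserName": "FAKEPC$", "NewTargetUserName": "DC01"},
    {"EventID": 4781, "TimeCreated": "2021-12-12T10:15:09", "SubjectUserName": "lowpriv",
     "OldTargetUserName": "DC01", "NewTargetUserName": "FAKEPC$"},
]


def classify_rename(ev, dc_accounts=DC_ACCOUNTS):
    """Severity of a 4781 rename, or None if the new name is an ordinary machine name."""
    old, new = ev["OldTargetUserName"], ev["NewTargetUserName"]
    if new.endswith("$"):
        return None  # still looks like a machine account
    if (new + "$").upper() in dc_accounts:
        return "critical"  # collides with a DC account once the KDC appends "$"
    if old.endswith("$"):
        return "suspicious"  # a machine account lost its trailing "$"
    return None


def sam_write_on_computer(ev):
    """True for a 4662 event that writes sAMAccountName on a computer object."""
    return (ev["EventID"] == 4662 and ev.get("ObjectType") == "computer"
            and SAMACCOUNTNAME_GUID in ev.get("Properties", ""))


def find_rename_and_revert(events, window=timedelta(minutes=30)):
    """Subjects that renamed an account to a non-"$" name and back within the window."""
    renames = sorted((e for e in events if e["EventID"] == 4781),
                     key=lambda e: e["TimeCreated"])
    hits = []
    for i, first in enumerate(renames):
        if first["NewTargetUserName"].endswith("$"):
            continue
        t0 = datetime.fromisoformat(first["TimeCreated"])
        for later in renames[i + 1:]:
            if datetime.fromisoformat(later["TimeCreated"]) - t0 > window:
                break
            if (later["SubjectUserName"] == first["SubjectUserName"]
                    and later["OldTargetUserName"] == first["NewTargetUserName"]
                    and later["NewTargetUserName"].endswith("$")):
                hits.append((first["SubjectUserName"], first["OldTargetUserName"],
                             first["NewTargetUserName"]))
                break
    return hits


def detect(events, dc_accounts=DC_ACCOUNTS):
    """Return (severity, subject, detail) alerts for the given events."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 4781:
            sev = classify_rename(ev, dc_accounts)
            if sev:
                alerts.append((sev, ev["SubjectUserName"],
                               f"{ev['OldTargetUserName']} -> {ev['NewTargetUserName']}"))
        elif sam_write_on_computer(ev):
            alerts.append(("triage", ev["SubjectUserName"],
                           f"sAMAccountName write on {ev['ObjectName']}"))
    for subj, old, new in find_rename_and_revert(events):
        alerts.append(("critical", subj, f"rename {old} -> {new} reverted within window"))
    return alerts


if __name__ == "__main__":
    for sev, subj, detail in detect(SAMPLE_EVENTS):
        print(f"[{sev}] {subj}: {detail}")
```

In production the records would come from the domain controllers' Security logs or the SIEM rather than an inline list, and events 4781 and 4662 only exist if account-management and directory-service-access auditing are enabled; the rename-and-revert check is the higher-confidence signal, since a legitimate rename is rarely undone by the same user within minutes.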
“The vulnerabilities are assessed individually, not in combination,” notes Mikhail Zaitsev, an information security expert at SEQ. “The threat from their joint use is apparently on the verge of critical, although several conditions must be met for a successful attack. In any case, there is a possibility of taking over the domain, and it is quite high, so installing the updates should absolutely not be delayed.”