Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to patch two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November.
Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” vulnerabilities with a CVSS severity score of 7.5 out of 10.
On Microsoft Windows Server, Active Directory is the directory service used for identity and access management. Even though the flaws were rated as “Exploitation Less Likely” in Google’s assessment, the public availability of the PoC on GitHub has prompted additional calls for the fixes to be applied before threat actors exploit them.
Using CVE-2021-42278, an attacker can modify the sAMAccountName attribute, which is used to log a user into Active Directory domain systems; using CVE-2021-42287, the attacker can then impersonate a domain controller. Chained together, the two flaws effectively grant a bad actor who holds only ordinary domain user credentials domain administrator access.
Affected versions
The vulnerabilities (CVE-2021-42278 & CVE-2021-42287) affect the Active Directory Domain Services (AD DS) component.
Mitigation
All domain controllers should be updated using the steps and information provided in the following Microsoft Knowledge Base articles: KB5008102, KB5008380, and KB5008602.
Qualys Detection
Qualys customers can scan their devices with QID 91835 to detect vulnerable assets.
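As a complement to the vulnerability scan, administrators can also look in the directory itself for the trace the abuse described above leaves behind: a computer object whose sAMAccountName no longer ends with the trailing “$” that every legitimate machine account carries. The PowerShell below is an added example, not code from Qualys or Microsoft; it assumes it is run on a domain-joined host with the RSAT ActiveDirectory module installed and an account permitted to read computer objects and the Security log of the domain controller named in the second function (the 24-hour window and the use of event IDs 4741/4742 are the example's own choices).

```powershell
# Added example (not from the advisory): hunt for computer accounts whose
# sAMAccountName lacks the trailing '$' and list recent computer-account changes.
Import-Module ActiveDirectory

function Get-SuspiciousComputerAccounts {
    param(
        # Assumption: the current domain; pass an OU DN to narrow the search
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    # Legitimate machine accounts always end in '$'; a computer object without it
    # is worth reviewing as possible CVE-2021-42278 style attribute tampering.
    Get-ADComputer -Filter * -SearchBase $SearchBase -Properties whenChanged |
        Where-Object { $_.SamAccountName -notlike '*$' } |
        Select-Object Name, SamAccountName, DistinguishedName, whenChanged
}

function Get-RecentComputerAccountChanges {
    param(
        [int]$Hours = 24,                          # look-back window (assumed)
        [string]$DomainController = $env:COMPUTERNAME  # assumed: run on a DC
    )
    # 4741 = a computer account was created, 4742 = a computer account was changed.
    # Both are logged on the domain controller that processed the change.
    Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4741, 4742
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0].Trim() } }
}

# Usage: review any account without '$' first, then correlate with the change events.
Get-SuspiciousComputerAccounts    | Format-Table -AutoSize
Get-RecentComputerAccountChanges  | Format-Table -AutoSize
```

An empty result from the first function is the expected state; any hit should be cross-checked against the 4741/4742 events to see which principal renamed the object and when, and the account should be treated as compromised until the change is explained.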
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html
https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-easy-windows-domain-takeover-via-active-directory-bugs/
https://support.microsoft.com/en-us/topic/november-9-2021-kb5007192-os-build-14393-4770-f534a33a-ed00-4bd2-8248-9424c53e9bde