Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)

Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to repair two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November. 
 
Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” flaws with a CVSS criticality score of 7.5 out of 10. 
 
On Microsoft Windows Server, Active Directory is a directory service for identity and access management. Even though the flaws were rated as “exploitation Less Likely” in Google’s assessment, the public exposure of the PoC available on GitHub has spurred additional calls for the fixes to be implemented to prevent threat actors from exploiting them. 
 
An attacker can modify the SAM-Account-Name attribute, which is used to log a user into Active Directory domain systems, with CVE-2021-42278, and impersonate domain controllers with CVE-2021-42287. This effectively enables a bad actor with domain user credentials domain admin user access. 
 
Affected versions  
The vulnerabilities (CVE-2021-42278 & CVE-2021-42287) affect the Active Directory Domain Services (AD DS) component. 
 
Mitigation  
All domain controllers should be updated using the steps and information provided in the following knowledgebase articles: KB5008102KB5008380, and KB5008602. 
 
Qualys Detection  
Qualys customers can scan their devices with QID 91835 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  
  
References 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278  
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287 
https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html 
https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/ 
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-easy-windows-domain-takeover-via-active-directory-bugs/  
https://support.microsoft.com/en-us/topic/november-9-2021-kb5007192-os-build-14393-4770-f534a33a-ed00-4bd2-8248-9424c53e9bde  

Leave a Reply

Your email address will not be published. Required fields are marked *