Microsoft issues warning about Active Directory privilege escalation attack

Although Microsoft releases quality and security updates for its supported software on a regular basis, as a consumer, it's also important to apply them as soon as possible. Today, the company has issued an advisory about some vulnerabilities that it has already patched but are now being exploited on configurations that have not been updated yet.

A blue Windows logo with a mirror effect on a dark background

Back in November, Microsoft tagged two vulnerabilities as CVE-2021-42287 and CVE-2021-42278 describing them as "Windows Active Directory domain service privilege escalation vulnerability". The issues in question allow a malicious actor to easily gain Domain Admin privileges in Active Directory after they compromise a regular user account. Microsoft released three patches for immediate deployment on domain controllers, described below:

Although the aforementioned patches have been available for weeks, the problem is that a proof-of-concept tool that exploits these vulnerabilities was publicly disclosed on December 12. Malicious actors can utilize it to perform privilege escalation attacks on Active Directory by targeting unpatched domain controllers.

As such, Microsoft has now issued an advisory, requesting customers to patch applicable systems as soon as possible. In its technical blog post, the company has also dived into the details about how to detect indicators of compromise and attached some Advanced Hunting queries as well. You can check out more details here.

Report a problem with article
Sponsored white paper on cloud security
Next Article

How Device Trust is Key to Securing Cloud Access - Free White Paper

The front-view of a plane in flight
Previous Article

FAA: 5G networks could delay, ground, divert airplanes, and endanger lives

Join the conversation!

Login or Sign Up to read and post a comment.

10 Comments - Add comment