Microsoft has urged organizations and users to immediately patch two Active Directory domain service privilege escalation vulnerabilities. Tracked as CVE-2021-42287 and CVE-2021-42278, these vulnerabilities allow threat actors to take over Windows domains. While the technology giant fixed these flaws during the November 2021 Patch Tuesday, a proof-of-concept tool exploiting the vulnerabilities was publicly disclosed.
Microsoft stated that attackers could compromise a Domain Admin user in an Active Directory environment by combining these two vulnerabilities. The flaws reportedly enable remote attackers to elevate their privileges to those of a Domain Admin once they compromise a regular user in the domain.
“As Defender for Identity’s mission is to secure Active Directory and your environment against advanced and sophisticated identity threat attacks, our research team reacted fast and published a query that can be used to identify suspicious behavior leveraging these vulnerabilities. This query can help detect abnormal device name changes (which should rarely happen to begin with) and compare them to a list of domain controllers in your environment,” Microsoft said in an advisory.
However, Microsoft recommended organizations and users fix the vulnerabilities by applying the updates as soon as possible to avoid any security risks.
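The check Microsoft describes above (flag device name changes and compare the new name against the list of domain controllers) looks like this in Python. This is an added example, not Microsoft's published query: it assumes rename records shaped like Windows Security event 4781 ("The name of an account was changed"), and the hostnames, account names and `DOMAIN_CONTROLLERS` set are constructed.

```python
# Added example: hunt for abnormal device (machine account) renames.
# Records are constructed samples using the field names of Windows
# Security event 4781; they are not taken from a real environment.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}  # hypothetical DC hostnames

SAMPLE_EVENTS = [
    {"EventID": 4781, "OldTargetUserName": "WKSTN-114$",
     "NewTargetUserName": "DC01", "SubjectUserName": "jdoe"},
    {"EventID": 4781, "OldTargetUserName": "LAB-PC7$",
     "NewTargetUserName": "LAB-PC8$", "SubjectUserName": "helpdesk1"},
    {"EventID": 4781, "OldTargetUserName": "asmith",
     "NewTargetUserName": "asmith2", "SubjectUserName": "helpdesk1"},
    {"EventID": 4624, "TargetUserName": "jdoe"},  # unrelated logon event
    {"EventID": 4781, "OldTargetUserName": "SRV-TMP$",
     "NewTargetUserName": "srv-tmp", "SubjectUserName": "svc-deploy"},
]


def classify_rename(event, dc_names):
    """Return a reason string for a suspicious device rename, else None."""
    if event.get("EventID") != 4781:
        return None
    old = event.get("OldTargetUserName", "")
    new = event.get("NewTargetUserName", "")
    if not old.endswith("$"):
        return None  # only device (machine) accounts are in scope
    # Compare case-insensitively and ignore the trailing "$" on both sides.
    dcs = {name.rstrip("$").upper() for name in dc_names}
    if new.rstrip("$").upper() in dcs:
        return "renamed-to-domain-controller"
    if not new.endswith("$"):
        return "machine-account-lost-dollar-suffix"
    return None  # ordinary device rename: rare, but not flagged here


def hunt(events, dc_names):
    """Collect (old, new, actor, reason) for every flagged rename."""
    findings = []
    for ev in events:
        reason = classify_rename(ev, dc_names)
        if reason:
            findings.append((ev["OldTargetUserName"], ev["NewTargetUserName"],
                             ev.get("SubjectUserName"), reason))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS, DOMAIN_CONTROLLERS):
        print(finding)
```

In production the domain controller list should be pulled from the directory rather than hard-coded, so that newly promoted controllers are covered.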
To identify whether your systems are affected by these vulnerabilities, Microsoft recommended the following:
Microsoft recently issued security patches for 67 CVEs in its December 2021 Patch Tuesday update. Of the 67 vulnerabilities, 60 were deemed important, and seven were critical. Six zero-day vulnerabilities have also been fixed, being exploited in the wild. The December 2021 Patch Tuesday update resolved vulnerabilities affecting Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client.
The post Microsoft Warns of Active Directory Vulnerabilities appeared first on CISO MAG | Cyber Security Magazine.