Active Directory bugs could allow hackers to take over Windows domain controllers
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it patched in November following the availability of a proof of concept (PoC) tool on December 12.
Both vulnerabilities – tracked as CVE-2021-42278 and CVE-2021-42287 – have a severity rating of 7.5 out of a maximum of 10 and relate to an elevation of privilege vulnerability affecting the Active Directory Domain Services (AD DS) component. Andrew Bartlett of Catalyst IT is credited with discovering and reporting both bugs.
Active Directory is a directory service which runs on Microsoft Windows Server and is used for Identity and Access Management. Although the tech giant has flagged the loopholes as “Less likely exploitation“In its assessment, the public disclosure of the PoC prompted further calls for patches to be applied to mitigate any potential exploitation by threat actors.
While CVE-2021-42278 allows an attacker to forge the SAM-Account-Name attribute – which is used to connect a user to systems in the Active Directory domain, CVE-2021-42287 allows to impersonate controllers domain. This effectively allows a bad actor with domain user credentials to access as the domain administrator user.
“By combining these two vulnerabilities, an attacker can create a direct path to a domain administrator user in an Active Directory environment which has not applied these new updates”, Daniel Naim, senior product manager at Microsoft. noted. “This escalation attack allows attackers to easily escalate their privilege to that of a domain administrator once they have compromised a regular user of the domain.”
The Redmond-based company also provided a step by step guide to help users determine if vulnerabilities could be exploited in their environments. “As always, we strongly recommend that you deploy the latest fixes to domain controllers as soon as possible,” Microsoft said.