351
138 shares, 351 points

With a PoC (Proof of Concept) published on December 12, it turned out that a vulnerability originating from Active Directory allowed the Domain Controller to be hijacked.

CVE-2021-42278 and CVE-2021-42287

Security vulnerabilities published with codes are evaluated with a risk score of 7.5 out of 10. Due to an authorization escalation vulnerability in the Active Directory structure, the domain administrator Domain Controller can be compromised. Andrew Bardollarsett of Catalyst IT spotted both bugs.

Active Directory is a service that configures identity management and access permissions of users and connected clients running on Windows Server server operating systems. The user at the beginning of this service is called Domain Controller / Domain Admin. When attackers access a corporate system, they usually first try to increase authority and become Domain Admin by using software flaws such as zafiyedollarser after the discovery phase.

Thanks to CVE-2021-42278, attackers accessing the system can easily change the SAM-Account-Name information used by users connected to the Active Directory structure to log in.

Although the exploitation of these two vulnerabilities was considered unlikely by Microsoft, the release of the PoC increased the pressure to close the vulnerabilities and patches were quickly released. It would be beneficial for system administrators to apply KB5008102, KB5008380, KB5008602 updates as soon as possible.


Like it? Share with your friends!

351
138 shares, 351 points

What's Your Reaction?

hate hate
858
hate
confused confused
368
confused
fail fail
1226
fail
fun fun
1104
fun
geeky geeky
981
geeky
love love
613
love
lol lol
736
lol
omg omg
368
omg
win win
1226
win
Michael Lewis

Emperor

0 Comments

Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format