Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is urging customers to install the fixes for two vulnerabilities in Active Directory domain controllers that it patched in November.
The two vulnerabilities are tracked as CVE-2021-42278 and CVE-2021-42287. Both affect Active Directory Domain Services (AD DS), carry a CVSS severity rating of 7.5, and were discovered and reported by Andrew Bartlett of Catalyst IT. Active Directory is the identity and access management service built into Windows Server. Microsoft rated both bugs “Exploitation Less Likely” on its exploitability index, but the public PoC has sparked renewed calls to apply the fixes before they are exploited.

CVE-2021-42278 lets an attacker manipulate the sAMAccountName attribute, the logon name used to authenticate an account to systems in the domain; in particular, a computer account the attacker controls can be renamed to drop the trailing “$” that normally distinguishes machine accounts from user accounts. CVE-2021-42287 lets the attacker impersonate the domain controller: when the KDC cannot find the account named in a Kerberos ticket request, it retries the lookup with “$” appended, so a ticket obtained under a spoofed name such as a domain controller’s name without the “$” resolves to the domain controller’s own machine account. Because ordinary users can create machine accounts by default, a malicious actor holding nothing more than domain user credentials can chain the two flaws into domain administrator access. “An attacker can establish a clear path to a domain administrator user in an Active Directory environment that has not implemented these new fixes by combining these two vulnerabilities,” explained Daniel Naim, Microsoft senior product manager. “After compromising an ordinary domain user, attackers can simply elevate their privileges to that of a domain administrator using this escalation technique.”
The Redmond-based company also offered a step-by-step guide to help users determine whether the flaws have been exploited in their environments. “As always, we strongly recommend that you apply the most recent patches to domain controllers as quickly as possible,” Microsoft said.
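As an added example (not code from the article, the PoC tool, or Microsoft’s guide), the Python script below implements two hunts a defender can run against the artifacts this attack leaves behind: computer objects whose sAMAccountName lacks the trailing “$” or collides with a domain controller’s name, and Security log 4742 (“A computer account was changed”) events that set such a name. The domain controller names, distinguished names and event records are constructed for the example, and the event field layout (“SamAccountName” holding the new value or “-”, “TargetUserName” holding the changed account) is an assumption rather than a documented schema.

```python
"""Hunt for sAMAccountName spoofing (CVE-2021-42278 / CVE-2021-42287).

Added example, not Microsoft's published guide. The inputs are constructed
stand-ins for (a) an export of computer objects and (b) Security log 4742
events from a domain controller. Field names are assumptions for this
example: "SamAccountName" carries the new value when the attribute changed
and "-" otherwise; "TargetUserName" is the changed account as logged.
"""

# Constructed: machine account names of the domain controllers.
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}

# Constructed: computer objects as an LDAP export might list them. The last
# entry is what the attack leaves behind between the rename and the
# rename-back: a computer account without the trailing "$" that matches a DC.
COMPUTERS = [
    {"dn": "CN=DC01,OU=Domain Controllers,DC=corp,DC=local", "sAMAccountName": "DC01$"},
    {"dn": "CN=WS-1234,CN=Computers,DC=corp,DC=local", "sAMAccountName": "WS-1234$"},
    {"dn": "CN=ATTACKERPC,CN=Computers,DC=corp,DC=local", "sAMAccountName": "DC01"},
]

# Constructed: 4742 events reduced to the fields this check uses.
EVENTS_4742 = [
    {"EventID": 4742, "TimeCreated": "2021-12-12T10:01:05Z", "SubjectUserName": "jdoe",
     "TargetUserName": "ATTACKERPC$", "SamAccountName": "DC01"},
    {"EventID": 4742, "TimeCreated": "2021-12-12T10:01:09Z", "SubjectUserName": "jdoe",
     "TargetUserName": "DC01", "SamAccountName": "ATTACKERPC$"},
    {"EventID": 4742, "TimeCreated": "2021-12-12T11:30:00Z", "SubjectUserName": "svc-sccm",
     "TargetUserName": "WS-1234$", "SamAccountName": "-"},
]


def _dc_short_names(domain_controllers):
    """Upper-cased DC names without the trailing "$": the names an attacker picks
    so that the KDC's "append $ and retry" lookup lands on a domain controller."""
    return {dc.rstrip("$").upper() for dc in domain_controllers}


def find_suspicious_computers(computers, domain_controllers):
    """Flag computer objects whose sAMAccountName has no trailing "$" (the rule the
    November hardening enforces for computer accounts), noting when the name
    shadows a DC. A doubled "$" is also flagged as anomalous; that second rule is
    an assumption of this example, not a documented requirement."""
    dcs = _dc_short_names(domain_controllers)
    findings = []
    for obj in computers:
        name = obj["sAMAccountName"]
        if name.endswith("$$"):
            findings.append((name, "more than one trailing $"))
        elif not name.endswith("$"):
            reason = "computer sAMAccountName without trailing $"
            if name.upper() in dcs:
                reason += f"; shadows domain controller {name.upper()}$"
            findings.append((name, reason))
    return findings


def find_suspicious_renames(events, domain_controllers):
    """Flag 4742 events that set sAMAccountName to a value without a trailing "$".
    A new name equal to a DC name is rated critical; any other such rename is
    high, because normal provisioning keeps the trailing "$" on machine accounts."""
    dcs = _dc_short_names(domain_controllers)
    hits = []
    for ev in events:
        if ev.get("EventID") != 4742:
            continue
        new_name = ev.get("SamAccountName", "-")
        if new_name == "-" or new_name.endswith("$"):
            continue  # attribute untouched, or still a normal machine-account name
        hits.append({
            "time": ev["TimeCreated"],
            "by": ev["SubjectUserName"],
            "account": ev["TargetUserName"],
            "new_name": new_name,
            "severity": "critical" if new_name.upper() in dcs else "high",
        })
    return hits


if __name__ == "__main__":
    for name, reason in find_suspicious_computers(COMPUTERS, DOMAIN_CONTROLLERS):
        print(f"[object] {name}: {reason}")
    for hit in find_suspicious_renames(EVENTS_4742, DOMAIN_CONTROLLERS):
        print(f"[{hit['severity']}] {hit['time']} {hit['by']} renamed "
              f"{hit['account']} -> {hit['new_name']}")
```

In a real environment the same functions can be fed from a `Get-ADComputer -Filter * -Properties sAMAccountName` export and from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4742}` on each domain controller. The rename-back that the PoC performs seconds after obtaining its ticket shows up as the next 4742 from the same subject, so pairing events by SubjectUserName and time makes the round trip obvious during triage even though the object itself no longer looks suspicious.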