Microsoft AD Privilege Escalation Vulnerability

Released: Dec 26, 2021


High Severity

Microsoft Vendor


Two vulnerabilities that can lead to easy Windows Domain takeover

On November 9, Microsoft released a patch for several zero-day vulnerabilities related to Active Directory privilege escalation, two of which are of particular interest because, when chained together, they can lead to Windows Domain takeover.


Background

As reported by Microsoft, a patch was released during the November security update cycle for CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities are described as a ‘Windows Active Directory domain service privilege escalation vulnerability’. When 42287 and 42278 are combined, an attacker who has compromised a regular user in the domain has a straightforward path to Domain Admin in any Active Directory environment that has not applied these updates. On December 12, 2021, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.

Latest Development



The initial patch and vulnerability disclosure were published at:
https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html
Follow-up guide from Microsoft following the proof-of-concept disclosure is available at:
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699


Active POC code is circulating in the wild, and Active Directory administrators are strongly encouraged to apply the updates immediately. The Fortinet Security Fabric protections below can help detect the vulnerability, prevent exploitation, or hunt for indicators related to these vulnerabilities across the attack surface.
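One way to hunt for the indicator Microsoft's SAM Name impersonation guidance (linked above) points to, as an added example that is not Fortinet's or Microsoft's code: Security events 4741 (computer account created) and 4742 (computer account changed) are scanned for a computer account whose sAMAccountName no longer ends in the trailing "$", and for the same subject renaming it back shortly afterwards. The event records, field names (`subject`, `target`, `new_sam`) and account names are constructed for illustration.

```python
"""Hunt for sAMAccountName spoofing indicators (CVE-2021-42278/42287 chain).

Computer accounts in AD normally carry a trailing '$'. A 4741/4742 event
that leaves a computer account without one, especially followed by a rename
back by the same subject, is the pattern Microsoft's guidance flags.
"""
from datetime import datetime, timedelta

# Constructed projections of Security log events (not real logs).
# target  = account name before the change, new_sam = value after it.
SAMPLE_EVENTS = [
    {"time": "2021-12-13T09:00:01", "id": 4741, "subject": "CORP\\jdoe",
     "target": "WS-7F3A$", "new_sam": "WS-7F3A$"},
    {"time": "2021-12-13T09:00:04", "id": 4742, "subject": "CORP\\jdoe",
     "target": "WS-7F3A$", "new_sam": "DC01"},
    {"time": "2021-12-13T09:00:09", "id": 4742, "subject": "CORP\\jdoe",
     "target": "DC01", "new_sam": "WS-7F3A$"},
    {"time": "2021-12-13T11:30:00", "id": 4742, "subject": "CORP\\svc-sccm",
     "target": "LAPTOP-22$", "new_sam": "LAPTOP-22$"},
]


def missing_dollar(sam_account_name):
    """True when a computer account's sAMAccountName lacks the trailing '$'."""
    return not sam_account_name.endswith("$")


def find_suspicious(events, window_seconds=300):
    """Return alert tuples: (rule, subject, account, time).

    'sam_without_dollar'      - a 4741/4742 left a computer account without '$'.
    'rename_back_after_spoof' - the same subject restored a '$' name within
                                window_seconds, which raises confidence.
    """
    alerts = []
    pending = {}  # (subject, spoofed name) -> time the '$' went missing
    for ev in events:
        if ev["id"] not in (4741, 4742):
            continue
        when = datetime.fromisoformat(ev["time"])
        if missing_dollar(ev["new_sam"]):
            alerts.append(("sam_without_dollar", ev["subject"], ev["new_sam"], ev["time"]))
            pending[(ev["subject"], ev["new_sam"])] = when
            continue
        key = (ev["subject"], ev["target"])
        if key in pending and when - pending[key] <= timedelta(seconds=window_seconds):
            alerts.append(("rename_back_after_spoof", ev["subject"], ev["target"], ev["time"]))
            del pending[key]
    return alerts
```

Exported 4741/4742 events can be mapped onto the same four fields before being fed to `find_suspicious`; the sample run yields one alert per rule, both for `CORP\jdoe`.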

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Decoy VM
  • Vulnerability
  • IPS
  • Post-execution

DETECT
  • Threat Hunting
  • Outbreak Detection

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • NOC/SOC Training
  • End-User Training

IDENTIFY
  • Attack Surface Hardening
  • Vulnerability Management
