Skip to main content
This live blog contains information regarding vulnerabilities in Microsoft Active Directory. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update December 21, 2021
17:00 | During the November patch TuesdayMicrosoft released a patch for two new vulnerabilities: CVE-2021-42287 and CVE-2021-42278. On the 12th of December 2021, a proof-of-concept exploit was disclosed. When these two vulenrabilities are combined, a malicious entity can escalate privileges of a compromised user account, to Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.
We strongly advice you to install the available updates.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Potential risk
During the November patch Tuesday on the 8th of November 2021, Microsoft released a patch for two new vulnerabilities: CVE-2021-42287 and CVE-2021-42278. The vulnerabilities both have a CVSS-score of 8,8. The CVSS scale runs from 0 to 10.
On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate privilege of a normal user account to an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.
Detail info
On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate privilege of a normal user account to an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.
All Windows Server operating systems since Windows Server 2008 are vulnerable.
Install the patch. Microsoft has released updates for all effected operating systems, including the end of life Windows 2008 and Windows 2008 R2.
Background
More information:
- https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
- https://support.microsoft.com/en-us/topic/kb5008102-active-directory-security-accounts-manager-hardening-changes-cve-2021-42278-5975b463-4c95-45e1-831a-d120004e258e
- https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
- https://support.microsoft.com/en-us/topic/november-14-2021-kb5008602-os-build-17763-2305-out-of-band-8583a8a3-ebed-4829-b285-356fb5aaacd7
Subscribe
Do you want to be informed in time? Sign up for our technical updates
Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.
Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.
