ClickySkip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Microsoft Active Directory critical vulnerability

By 21 December 2021 April 9th, 2023 CERT, SOC, Vulnerability
Active Directory

This live blog contains information regarding vulnerabilities in Microsoft Active Directory. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update December 21, 2021

17:00 | During the November patch TuesdayMicrosoft released a patch for two new vulnerabilities: CVE-2021-42287 and CVE-2021-42278. On the 12th of December 2021, a proof-of-concept exploit was disclosed. When these two vulenrabilities are combined, a malicious entity can escalate privileges of a compromised user account, to Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.

We strongly advice you to install the available updates.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

During the November patch Tuesday on the 8th of November 2021, Microsoft released a patch for two new vulnerabilities:  CVE-2021-42287 and CVE-2021-42278. The vulnerabilities both have a CVSS-score of 8,8. The CVSS scale runs from 0 to 10.

On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate privilege of a normal user account to an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.

Detail info

On December 12, 2021, a proof-of-concept exploit leveraging these vulnerabilities was publicly disclosed. When the two vulnerabilities are combined, a malicious entity can escalate privilege of a normal user account to an account with Domain Administrator privileges. The malicious entity first has to compromise a user account and get network access to your Domain Controller.

All Windows Server operating systems since Windows Server 2008 are vulnerable.

Install the patch. Microsoft has released updates for all effected operating systems, including the end of life Windows 2008 and Windows 2008 R2.

Subscribe

Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.