Bugs in Active Directory could empower cybercriminals to gain control over Windows Domain Controllers

Last Updated on 23/12/2021 by Riya

Microsoft is urging users to patch two Active Directory domain controller security flaws that might allow cybercriminals to gain control of Windows domain controllers. Security experts have identified the two vulnerabilities as CVE-2021-42278 and CVE-2021-42287.

Both flaws were detected and disclosed by Andrew Bartlett of Catalyst IT. Active Directory is a directory service designed for identity and privilege management that runs on Microsoft Windows Server. The tech behemoth's assessment of the flaws is that “Exploitation is improbable.” The release of a proof-of-concept (PoC), however, prompted renewed calls to apply the fixes and prevent possible exploitation by threat actors.

CVE-2021-42278 allows the SAM-Account-Name attribute to be manipulated. CVE-2021-42287 lets an attacker impersonate a domain controller and log clients into an Active Directory domain’s system. This gives a hostile attacker access to the Domain Admin account if they have domain usernames and passwords. According to Daniel Naim, Microsoft’s Senior Product Manager,

“In the absence of new fixes, the combination of these two flaws allows a hacker to construct a straightforward path to domain admin users. After invading a normal user in the domain, this escalation approach empowers a hacker to simply escalate their rights to domain admin connectivity.”

The Redmond-based firm also offers step-by-step tips to enable customers to determine whether a flaw has been leveraged in their system. Microsoft stated,

“Like always, we highly suggest you apply the latest fixes to your domain controllers quickly.”
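
The following is an added example, not taken from the article or from Microsoft's guidance, of the kind of check a defender can run when looking for signs that the SAM-Account-Name manipulation described above was used. It flags account renames where a machine account loses its trailing `$` or takes a domain controller's name, and pairs such a rename with a quick follow-up rename by the same actor. The record fields, account names and the 10-minute window are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample data, not real logs. Field names are hypothetical;
# map them from whatever account-rename audit source you collect.
DC_ACCOUNTS = {"DC01$", "DC02$"}  # assumed domain controller machine accounts
EVENTS = [
    {"time": "2021-12-20T09:14:02+00:00", "actor": "helpdesk1", "old": "jsmith", "new": "john.smith"},
    {"time": "2021-12-20T10:02:45+00:00", "actor": "lowpriv", "old": "WKS-4411$", "new": "dc01"},
    {"time": "2021-12-20T10:03:10+00:00", "actor": "lowpriv", "old": "dc01", "new": "WKS-4411$"},
    {"time": "2021-12-20T11:30:00+00:00", "actor": "admin2", "old": "SRV-OLD$", "new": "SRV-NEW$"},
]

def rename_findings(event, dc_accounts=DC_ACCOUNTS):
    """Return the reasons a sAMAccountName change looks suspicious (empty if none)."""
    dc_names = {a.rstrip("$").casefold() for a in dc_accounts}
    old, new = event["old"], event["new"]
    reasons = []
    if old.endswith("$") and not new.endswith("$"):
        reasons.append("machine account lost its trailing $")
    if not new.endswith("$") and new.casefold() in dc_names:
        reasons.append("new name matches a domain controller without $")
    if not old.endswith("$") and old.casefold() in dc_names:
        reasons.append("account held a domain controller name without $")
    return reasons

def short_lived_renames(events, window=timedelta(minutes=10)):
    """Pair each flagged rename with a follow-up rename of the same account
    by the same actor inside the window (a name that existed only briefly)."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    pairs = []
    for i, first in enumerate(ordered):
        if not rename_findings(first):
            continue
        start = datetime.fromisoformat(first["time"])
        for second in ordered[i + 1:]:
            if datetime.fromisoformat(second["time"]) - start > window:
                break
            if (second["actor"] == first["actor"]
                    and second["old"].casefold() == first["new"].casefold()):
                pairs.append((first, second))
    return pairs

if __name__ == "__main__":
    for ev in EVENTS:
        for reason in rename_findings(ev):
            print(ev["time"], ev["actor"], f'{ev["old"]} -> {ev["new"]}', reason)
    for first, second in short_lived_renames(EVENTS):
        print("short-lived name:", first["new"], "held until", second["time"])
```

Ordinary user renames and machine-to-machine renames that keep the `$` suffix produce no findings, so the output stays limited to changes worth a manual look.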