Easily exploitable Active Directory bugs found
Microsoft is warning of two new vulnerabilities which allow attackers to gain domain admin privileges by simply impersonating a regular domain user. Did someone say "YIKES!?"
Domain administrators in Windows can modify the settings of Active Directory servers and can modify any data stored there. They also are able to create new users and groups, as well as delete or change their permissions and credentials.
“When combining these two vulnerabilities, an attacker can create a straight* path to a domain admin user in an Active Directory environment that hasn’t applied these new updates,” warned the alert. “This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.”
Proofs of concept (PoCs) of the exploit were spotted on Twitter and are apparently very easy to use. Multiple security researchers also confirmed that it works.