Easily exploitable Active Directory bugs found


Microsoft is warning of two new vulnerabilities which allow attackers to gain domain admin privileges by simply impersonating a regular domain user. Did someone say "YIKES!?"

Domain administrators in Windows can modify the settings of Active Directory servers and can modify any data stored there. They also are able to create new users and groups, as well as delete or change their permissions and credentials.

“When combining these two vulnerabilities, an attacker can create a straight* path to a domain admin user in an Active Directory environment that hasn’t applied these new updates,” warned the alert. “This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.”

Proof-of-concept (PoC) exploits were spotted on Twitter and are apparently very easy to use. Multiple security researchers also confirmed that they work.

Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and CVE-2021-42278, both of which were fixed in its November 2021 security updates.
