Beware of the Windows Active Directory privilege escalation vulnerability




Key notes

  • Microsoft is warning its users about yet another dangerous exploited vulnerability.
  • Using CVE-2021-42287 and CVE-2021-42278, attackers can breach your system.
  • Malicious third parties can easily gain Domain Admin privileges in Active Directory.
  • The tech giant is now advising us all to update to the available secure versions.

You might want to know that the Redmond-based tech company has issued an advisory about vulnerabilities it has already patched but that are now being exploited on systems that have not yet been updated.

A little over a week ago, on December 12, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.

Microsoft is urging users to patch these vulnerabilities

As you all remember, during the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278.

Both of these vulnerabilities are described as Windows Active Directory Domain Services privilege escalation vulnerabilities.

These vulnerabilities allow malicious third parties to easily gain Domain Admin privileges in Active Directory once they have compromised a regular user account.

Redmond officials released three patches for immediate deployment on domain controllers, as follows:

But even though the above-mentioned patches have been available for some time now, a proof-of-concept tool that exploits these vulnerabilities was only publicly disclosed on December 12.

The Microsoft research team reacted fast and published a query that can be used to identify suspicious behavior leveraging these vulnerabilities.

This query can help detect abnormal device name changes (which should happen rarely to begin with) and compare them to a list of domain controllers in your environment.
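As an added illustration (not Microsoft's published query and not part of this article), the following Python sketch implements the same detection idea: it takes computer-account rename records, normalizes the names, and flags any rename whose new name collides with a known domain controller account. The event fields, the domain controller list, the sample events and the trailing-`$` heuristic are all constructed assumptions for this example.

```python
# Added example (not Microsoft's query): flag computer-account renames whose
# new sAMAccountName collides with a domain controller. Sample data is
# constructed; in practice events come from Security event 4742 exports and
# the DC list from an Active Directory enumeration.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class RenameEvent:
    timestamp: str
    actor: str       # account that performed the rename
    old_name: str    # sAMAccountName before the change
    new_name: str    # sAMAccountName after the change


# Constructed list of domain-controller computer accounts (assumption).
DOMAIN_CONTROLLERS = ["DC01$", "DC02$"]

# Constructed sample events: one benign workstation rename, two suspicious ones.
SAMPLE_EVENTS = [
    RenameEvent("2021-12-13T08:01:00Z", "helpdesk", "WS-0123$", "WS-0124$"),
    RenameEvent("2021-12-13T08:05:31Z", "jdoe", "WS-0042$", "DC01"),
    RenameEvent("2021-12-13T09:12:07Z", "jdoe", "SRV-FILE01$", "dc02$"),
]


def normalize(name: str) -> str:
    """Strip the trailing '$' of a computer account name and ignore case."""
    return name.rstrip("$").upper()


def suspicious_renames(events: List[RenameEvent],
                       dcs: List[str]) -> List[Tuple[RenameEvent, str]]:
    """Return (event, reason) pairs for renames that warrant investigation."""
    dc_names = {normalize(d) for d in dcs}
    findings = []
    for e in events:
        new = normalize(e.new_name)
        if new == normalize(e.old_name):
            continue  # attribute rewritten with the same value; not a rename
        if new in dc_names:
            findings.append((e, f"new name collides with domain controller {new}$"))
        elif not e.new_name.endswith("$"):
            # Computer accounts normally keep a trailing '$'; losing it is unusual.
            findings.append((e, "computer account renamed without trailing '$'"))
    return findings


if __name__ == "__main__":
    for event, reason in suspicious_renames(SAMPLE_EVENTS, DOMAIN_CONTROLLERS):
        print(f"{event.timestamp} actor={event.actor} "
              f"{event.old_name} -> {event.new_name}: {reason}")
```

Any hit should be cross-checked against the rename's actor and the timing of subsequent Kerberos ticket requests before concluding that exploitation occurred.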

Make sure you carefully check all the details if you suspect that you may be affected by the situations described above.

And, most importantly, update to the secure versions that Microsoft provided, in order to make sure you stay one step ahead of any potential threats.

Do you suspect that threat actors have been exploiting your system? Share your opinion with us in the comments section below.
