Dec 21, 2021

Microsoft warns of easy Windows domain takeover via Active Directory bugs

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains.
The company released security updates to address the two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) during the November 2021 Patch Tuesday.
Redmond’s warning to immediately patch the two bugs — both allowing attackers to impersonate domain controllers — comes after a proof-of-concept (PoC) tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.
“When combining these two vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment that hasn’t applied these new updates,” Microsoft explains in an advisory published today.
“This escalation attack allows attackers to easily elevate their privilege to that of a Domain Admin once they compromise a regular user in the domain.
“As always, we strongly advise deploying the latest patches on the domain controllers as soon as possible.”
Windows admins are urged to update devices exposed to attacks using the steps and information detailed in the following knowledgebase articles: KB5008102, KB5008380, KB5008602.
Researchers who tested the PoC stated that they were able to easily use the tool to escalate privileges from a standard Active Directory user to a Domain Admin in default configurations.
Microsoft has also shared detailed guidance on detecting signs of exploitation in your environment and identifying potentially compromised servers using a Defender for Identity advanced hunting query that looks for abnormal device name changes.
The step-by-step guide requires defenders to:
“Our research team continues its effort in creating more ways to detect these vulnerabilities, either with queries or out-of-the-box detections,” Microsoft added.
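One way to express the "abnormal device name change" check described above, as an added example that is neither Microsoft's hunting query nor code from the article. It assumes account-rename events (Security event ID 4781) exported as JSON lines with the field names shown; the hosts, users and domain controller list are constructed.

```python
import json

# Constructed sample: Security-log "account name changed" events (ID 4781),
# reduced to the fields used here. Hosts, users and times are made up.
SAMPLE_EVENTS = """
{"EventID": 4781, "TimeCreated": "2021-12-20T09:14:02Z", "SubjectUserName": "helpdesk1", "OldTargetUserName": "WS-0142$", "NewTargetUserName": "WS-0199$"}
{"EventID": 4781, "TimeCreated": "2021-12-20T11:37:45Z", "SubjectUserName": "jsmith", "OldTargetUserName": "DESKTOP-TMP1$", "NewTargetUserName": "DC01"}
{"EventID": 4781, "TimeCreated": "2021-12-20T11:52:10Z", "SubjectUserName": "svc-join", "OldTargetUserName": "LAB-07$", "NewTargetUserName": "lab-07"}
{"EventID": 4781, "TimeCreated": "2021-12-20T12:03:31Z", "SubjectUserName": "hradmin", "OldTargetUserName": "a.jones", "NewTargetUserName": "a.smith"}
{"EventID": 4624, "TimeCreated": "2021-12-20T12:05:00Z", "TargetUserName": "jsmith"}
"""

# Assumption: the defender supplies the domain controllers' account names.
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}


def classify_rename(event, dc_accounts):
    """Return None for a normal rename, else 'suspicious' or 'critical'."""
    if event.get("EventID") != 4781:
        return None
    old = event.get("OldTargetUserName", "")
    new = event.get("NewTargetUserName", "")
    # Only device (machine) accounts matter here: their names end in '$'.
    if not old.endswith("$") or new.endswith("$"):
        return None
    # The device name lost its '$'. Worst case: it now reads like a DC's name.
    dc_short = {name.rstrip("$").lower() for name in dc_accounts}
    return "critical" if new.lower() in dc_short else "suspicious"


def hunt(raw_lines, dc_accounts):
    """Scan JSON-lines event export and return a list of flagged renames."""
    findings = []
    for line in raw_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged export lines instead of aborting the hunt
        severity = classify_rename(event, dc_accounts)
        if severity:
            findings.append((severity, event["TimeCreated"], event["SubjectUserName"],
                             event["OldTargetUserName"], event["NewTargetUserName"]))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS, DOMAIN_CONTROLLERS):
        print(*finding, sep=" | ")
```

Ordinary user renames and device renames that keep the trailing `$` are ignored, so routine helpdesk activity does not raise findings.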
So if we patched Nov 2021 (and Dec 2021) we are “safe”?
Yes, Microsoft patched both bugs in November.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved