In its latest security alert, Microsoft asked its customers to apply available updates to fix two privilege escalation vulnerabilities in Active Directory whose exploitation would allow threat actors to easily take control of Windows domains. The flaws were tracked as CVE-2021-42287 and CVE-2021-42278 and were corrected during November Patch Tuesday.
Although the required patches had already been released, Microsoft decided to republish a security alert after a proof of concept (PoC) capable of exploiting these flaws appeared through Twitter and GitHub.
The company specifies that the combined exploitation of these flaws would allow threat actors to create a direct path to a domain administrator in Active Directory: “This attack would allow cybercriminals to easily elevate their privileges after compromising a regular user in the domain.”
The published exploit is highly functional for the abuse of vulnerable Windows implementations, so the company strongly recommends that exposed system administrators apply the updates as soon as possible.
In addition to the security alert, Microsoft shared detailed guidance for detecting signs of exploitation in potentially vulnerable environments and identifying compromised servers using a Defender for Identity advanced hunting query capable of identifying abnormal changes to the device name. To scan their implementations, sysadmins should:
If a compromise is detected, it is recommended to investigate the affected systems to rule out that they have been exploited.
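The device-name check the guidance describes, as an added example that is not Microsoft's own query: Python detection logic run over constructed Windows Security event records (event ID 4781, "The name of an account was changed"), flagging renames in which a computer account loses or gains its trailing `$`. The JSON field names and the sample records are assumptions for this example.

```python
"""Flag sAMAccountName renames where a computer account (name ending in '$')
is renamed to a name without the '$', or the reverse. Added example, not
Microsoft's query; event field names are assumed, sample records constructed."""
import json
from typing import Dict, Iterable, List

# Constructed sample export (JSON lines): one legitimate user rename, a
# machine account dropping its '$', the same account renamed back, and an
# unrelated event (4720, account created) that must be ignored.
SAMPLE_EVENTS = """
{"EventID": 4781, "TimeCreated": "2021-12-20T09:01:10Z", "SubjectUserName": "helpdesk", "OldTargetUserName": "jdoe", "NewTargetUserName": "jane.doe"}
{"EventID": 4781, "TimeCreated": "2021-12-20T09:05:31Z", "SubjectUserName": "lowpriv", "OldTargetUserName": "WS-TEST$", "NewTargetUserName": "WS-TEST"}
{"EventID": 4781, "TimeCreated": "2021-12-20T09:05:33Z", "SubjectUserName": "lowpriv", "OldTargetUserName": "WS-TEST", "NewTargetUserName": "WS-TEST$"}
{"EventID": 4720, "TimeCreated": "2021-12-20T09:00:00Z", "SubjectUserName": "admin", "TargetUserName": "newuser"}
"""


def parse_events(raw: str) -> List[Dict]:
    """Parse a JSON-lines export, keeping only rename events (ID 4781)."""
    events = []
    for line in raw.strip().splitlines():
        rec = json.loads(line)
        if rec.get("EventID") == 4781:
            events.append(rec)
    return events


def is_suspicious_rename(old: str, new: str) -> bool:
    """True when the '$' suffix status changes: a computer account being
    renamed to look like a non-machine name (or back) is the pattern to review."""
    return old.endswith("$") != new.endswith("$")


def find_suspicious_renames(events: Iterable[Dict]) -> List[Dict]:
    """Return the matching renames with actor and time for triage."""
    hits = []
    for ev in events:
        old, new = ev["OldTargetUserName"], ev["NewTargetUserName"]
        if is_suspicious_rename(old, new):
            hits.append({"time": ev["TimeCreated"], "actor": ev["SubjectUserName"],
                         "from": old, "to": new})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_renames(parse_events(SAMPLE_EVENTS)):
        print(f"{hit['time']} {hit['actor']} renamed {hit['from']} -> {hit['to']}")
```

A rename pair within seconds by the same low-privileged account, as in the sample, is the sequence worth escalating; the user rename is ignored because neither name carries a `$`.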
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies such as Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has in-depth knowledge of mobile security and mobile vulnerabilities.