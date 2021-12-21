The Redmond giant is under constant pressure on security. Most of its products are exposed to countless attempted attacks, and security becomes more complicated every day. Active Directory is one of its longest-running services and an industry standard, but that does not exempt it from attacks.

Microsoft regularly publishes quality and security updates for its software. As consumers, we have a responsibility to apply them as soon as possible. Today, the company has issued an advisory on some vulnerabilities that it has already patched but that are being exploited in configurations that have not yet been updated.

Active Directory in the crosshairs of hackers

Back in November, Microsoft classified two vulnerabilities as CVE-2021-42287 and CVE-2021-42278, describing them as “Windows Active Directory Domain Service Privilege Escalation Vulnerability”. These flaws allow an attacker to easily gain domain administrator privileges in Active Directory after compromising a normal user account. Microsoft has released three patches for immediate deployment to domain controllers, which are described below:

These patches have been available for weeks. The problem is that a proof-of-concept tool that exploits these vulnerabilities was publicly revealed on December 12. Attackers can use it to perform privilege escalation attacks on Active Directory, targeting unpatched domain controllers.

Therefore, Microsoft has issued an advisory asking customers to patch their systems as soon as possible. In its post on the Tech Community blog, the company also goes into detail about how to spot indicators of compromise and includes some Advanced Hunting queries. So, as always, we recommend that you update to stay protected.