Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was released publically.
Microsoft has urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and CVE-2021-42278. The vulnerabilities allow attackers to easily jack up privileges to that of domain admin in unpatched Windows Active Directory domain services after impersonating a regular domain user, according to Microsoft’s advisory.
Both vulnerabilities are described as a “Windows Active Directory domain service privilege-escalation” bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.
Read more: Threatpost
For more such updates follow us on Google News ITsecuritywire News