Two Active Directory Bugs Lead to Easy Windows Domain Takeover

78
Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was released publically.

Microsoft has urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and CVE-2021-42278. The vulnerabilities allow attackers to easily jack up privileges to that of domain admin in unpatched Windows Active Directory domain services after impersonating a regular domain user, according to Microsoft’s advisory.

Both vulnerabilities are described as a “Windows Active Directory domain service privilege-escalation” bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.

Read more: Threatpost

For more such updates follow us on Google News ITsecuritywire News