Active Directory bugs / vulnerability November 2021 CVE-2021-42287

I thought my holidays had already started, but there is a very critical security vulnerability in Microsoft Active Directory. More precisely, there are two vulnerabilities: CVE-2021-42287 and CVE-2021-42278.

Vulnerability CVE-2021-42278 involves an attack known as sAMAccountName spoofing or impersonation: computer accounts can be renamed to impersonate domain controllers.
See this link:
https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing
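
A defensive check for the renaming described above, as an added example that is not part of the original post: it scans an exported account list for computer accounts missing the trailing `$` that Active Directory computer accounts normally carry, and for any account whose name equals a domain controller's name without that `$`. The export format, function names and sample records are assumptions constructed for illustration.

```python
# Added example: audit an account export for sAMAccountName spoofing indicators.
# Record layout and all sample values are constructed, not real directory output.

COLLIDES = "same name as a domain controller, minus the trailing $"
NO_DOLLAR = "computer account whose sAMAccountName lacks the trailing $"

SAMPLE_DCS = ["DC01$", "DC02$"]  # constructed domain controller account names
SAMPLE_ACCOUNTS = [              # constructed export rows
    {"sAMAccountName": "DC01$", "objectClass": "computer"},
    {"sAMAccountName": "WKS-0042$", "objectClass": "computer"},
    {"sAMAccountName": "dc01", "objectClass": "computer"},
    {"sAMAccountName": "BUILD-07", "objectClass": "computer"},
    {"sAMAccountName": "Dc02", "objectClass": "user"},
    {"sAMAccountName": "alice", "objectClass": "user"},
]


def normalize(name):
    """sAMAccountName matching is case-insensitive; also drop stray whitespace."""
    return name.strip().lower()


def find_suspicious_accounts(accounts, dc_names):
    """Return (sAMAccountName, reason) pairs for accounts that need review."""
    dc_full = {normalize(n) for n in dc_names}
    # The name a spoofed account would carry: the DC name without its '$'.
    dc_base = {n[:-1] for n in dc_full if n.endswith("$")}
    findings = []
    for acct in accounts:
        raw = acct["sAMAccountName"]
        sam = normalize(raw)
        if sam in dc_full:
            continue  # the genuine domain controller account
        if sam in dc_base:
            findings.append((raw, COLLIDES))
        if acct["objectClass"] == "computer" and not sam.endswith("$"):
            findings.append((raw, NO_DOLLAR))
    return findings


if __name__ == "__main__":
    for name, reason in find_suspicious_accounts(SAMPLE_ACCOUNTS, SAMPLE_DCS):
        print(f"{name}: {reason}")
```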

The second CVE also deals with sAMAccountNames and tries to steal service tickets with false accounts.
See this link:
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html

For additional information concerning this topic see this link:

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699

It is possible to gain administrative permissions on Active Directory, so I think it is critical.

Microsoft offers some KBs and patches with the November 2021 updates; see these links:
KB5008102

KB5008380

KB5008602

Stay tuned and patch your system. It’s critical!
