I thought my holidays had already started, but there is a very critical security vulnerability in Microsoft Active Directory. More precisely, there are two vulnerabilities, CVE-2021-42287 and CVE-2021-42278.
CVE-2021-42278 enables an attack also known as sAMAccountName spoofing or impersonation. It is possible to rename computer accounts so that they impersonate domain controllers.
See this link:
https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing
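A defender can watch account-rename events for the computer-account rename described above. The following is an added example, not code from this post or from Microsoft. It assumes rename events are collected as Security event 4781 with the fields shown, that machine account names normally end in `$`, and it uses hypothetical domain controller names and constructed sample records.

```python
from dataclasses import dataclass

# Assumption: sAMAccountNames of your domain controllers (hypothetical names).
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}

# Constructed sample records shaped like Security event 4781
# ("The name of an account was changed"); not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4781, "TimeCreated": "2021-12-14T09:12:03Z", "SubjectUserName": "helpdesk1",
     "OldTargetUserName": "WS-117$", "NewTargetUserName": "WS-118$"},
    {"EventID": 4781, "TimeCreated": "2021-12-14T10:41:27Z", "SubjectUserName": "jdoe",
     "OldTargetUserName": "NEWPC$", "NewTargetUserName": "dc01"},
    {"EventID": 4781, "TimeCreated": "2021-12-14T11:05:50Z", "SubjectUserName": "jdoe",
     "OldTargetUserName": "LAB7$", "NewTargetUserName": "LAB7"},
    {"EventID": 4781, "TimeCreated": "2021-12-14T11:30:00Z", "SubjectUserName": "helpdesk1",
     "OldTargetUserName": "asmith", "NewTargetUserName": "asmith2"},
    {"EventID": 4624, "TimeCreated": "2021-12-14T11:31:00Z", "TargetUserName": "jdoe"},
]

@dataclass
class Finding:
    severity: str
    time: str
    actor: str
    old_name: str
    new_name: str
    reason: str

def analyze(events, dc_names=DOMAIN_CONTROLLERS):
    """Return findings for machine-account renames that drop the trailing '$'."""
    dcs = {name.rstrip("$").lower() for name in dc_names}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4781:
            continue  # only account-rename events are relevant here
        old, new = ev.get("OldTargetUserName", ""), ev.get("NewTargetUserName", "")
        if not old.endswith("$") or new.endswith("$"):
            continue  # user rename, or ordinary computer rename that keeps '$'
        if new.lower() in dcs:
            sev, why = "high", "new name equals a domain controller name without '$'"
        else:
            sev, why = "medium", "machine account lost its trailing '$'"
        findings.append(Finding(sev, ev.get("TimeCreated", ""),
                                ev.get("SubjectUserName", ""), old, new, why))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.time} {f.actor}: {f.old_name} -> {f.new_name} ({f.reason})")
```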
The second CVE also deals with sAMAccountNames, and is about stealing service tickets with false accounts.
See this link:
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
For additional information concerning this topic see this link:
It is possible to gain administrative permissions on Active Directory, so I think it is critical.
Microsoft offers some KBs and patches with the November 2021 updates; see these links:
KB5008102