Active Directory bugs / vulnerability november 2021 CVE-2021-42287

The estimated reading time 1 minutes

I thought my holidays already started, but there is a very critical sercurity vulnerability included in Microsoft Active Directory. More precisely there are two vulnerabilities, CVE-2021-42287 and CVE-2021-42278 .

Vulnerability CVE-2021-42278 contains an attack which is also known as sAMAccountName spoofing or impersonation. It is possible to rename Computer Accounts of DomainController to impersonate them.
See this link:

The second CVE deals wih sAMACccountNames also, and tries to steal service tickets with false Accounts.
See this Link:

For additional information concerning this topic see this link:

It is possible to gain administrative permissions on Active Directory, so I think it is critical.

Microsoft offers some KBs and patches with the updates in November 2021 see this links:



Stay tuned and patch your system, It’s critical!

Print Friendly, PDF & Email
Was this article helpful?
0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments