You might want to know that the Redmond-based tech company has issued an advisory about some vulnerabilities that it has already patched but are now being exploited on configurations that have not been updated yet.

  • Microsoft is warning its users about yet another dangerous exploited vulnerability.Using CVE-2021-42287 and CVE-2021-42278, attackers can breach your system.Malicious third parties to easily gain Domain Admin privileges in Active Directory.The tech giant is now advising us all to update to the available secure versions.

A little over a week ago, on December 12, a proof-of-concept tool leveraging these vulnerabilities was publicly disclosed.

Microsoft is urging users to patch these vulnerabilities

As you all remember, during the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278.

Both of these vulnerabilities are described as a Windows Active Directory domain service privilege escalation vulnerability.

These exploits actually allow malicious third parties to easily gain Domain Admin privileges in Active Directory after they compromise a regular user account.

Redmond officials released three patches for immediate deployment on domain controllers, as follows:

  • KB5008102—Active Directory Security Accounts Manager hardening changes (CVE-2021-42278)
  • KB5008380—Authentication updates (CVE-2021-42287)
  • KB5008602(OS Build 17763.2305) Out-of-band

But even though the above-mentioned patches have actually been available for some time now, the problem is that a proof-of-concept tool that exploits these vulnerabilities was only publicly disclosed on December 12.

The Microsoft research team reacted fast and published a query that can be used to identify suspicious behavior leveraging these vulnerabilities.

This query can help detect abnormal device name changes (which should happen rarely to begin with) and compare them to a list of domain controllers in your environment.

Make sure you carefully check out all the details if you suspect that you too are being a victim of the aforementioned situations.

And, most importantly, update to the secure versions that Microsoft provided, in order to make sure you stay one step ahead of any potential threats.

Do you suspect that threat actors have been exploiting your system? Share your opinion with us in the comments section below.

If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

Still having issues? Fix them with this tool:

SPONSORED

  • windows updates

Email *

Commenting as . Not you?

Comment