Microsoft had previously provided patches for the two vulnerabilities back in November. However, it has urged users to deploy the latest patches after it discovered the tool. The company also provided information on how to detect security flaws in a work environment, which involves using Advanced Hunting through Microsoft 365 Defender.

Vulnerabilities Allow Attackers to Make Changes to Active Domain

Microsoft released patches for the security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in its November 2021 Patch Tuesday. The company said that, when combined, the flaws can allow hackers to escalate their privileges to those of a Domain Administrator. With Domain Admin privileges, attackers can make changes to Active Directory, such as altering configurations and accessing stored content. Microsoft added that an Active Directory environment that hasn’t applied the updates remains vulnerable. Researchers who tested the discovered tool said they managed to “easily use the tool to escalate privileges from standard Active Directory user to a Domain Admin in default configurations.” Microsoft has urged Windows admins to update exposed devices. For help, they can refer to the steps and information provided in these articles:

KB5008102, KB5008380, KB5008602

“As always, we strongly advise deploying the latest patches on the domain controllers as soon as possible,” the company added.

Microsoft’s Research Team Working to Identify Vulnerabilities

Microsoft assured customers that its researchers are working on more methods to find the security flaws in systems. “Our research team continues its effort in creating more ways to detect these vulnerabilities, either with queries or out-of-the-box detections,” it said. The company has faced many high-profile cyber threats over the course of this year. The biggest of them was the Microsoft Exchange hack, which compromised a large number of organizations around the world. The attack was later attributed to the Chinese Government. Microsoft Exchange even faced a targeted credential-stealing attack earlier this month. On the other hand, the company has been rather quick to respond to vulnerabilities in its expansive array of services, such as Office and Azure. Microsoft regularly deploys patches on its monthly “Patch Tuesday.” Recently, the company has also taken offensive measures against cybercriminals, as evidenced by its move to seize malicious websites from Chinese hackers.
