On Patch Tuesday of last November, Microsoft released advisories to address several vulnerabilities in Active Directory.
Analysis of these vulnerabilities showed that by combining CVE-2021-42278 and CVE-2021-42287 it is possible, under default conditions, for a regular user to easily impersonate a domain admin. This means that any domain user can effectively become a domain administrator, which makes these vulnerabilities extremely severe. Moreover, there are already several GitHub repositories with free-to-use PoC code that facilitates the exploitation of these vulnerabilities.
In this post, we will describe how the exploitation of these vulnerabilities works and show how the attack is mitigated by FortiEDR.