DARKReading: Monitoring and Securing Remote and Work-From-Home Environments (Feb. 2nd)
From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287
Fortinet News, January 5th, 2022
January 5, 2022,
Volume 286, Issue 1

On Patch Tuesday of last November, Microsoft released advisories to address several vulnerabilities in Active-Directory.

Analysis of these vulnerabilities showed that by combining CVE-2021-42278 and CVE-2021-42287 it is possible, under default conditions, for a regular user to easily impersonate a domain admin. This means that any domain user can effectively become a domain administrator, which makes these vulnerabilities extremely severe. Moreover, there are already several Github repositories with free-to-use PoC code that facilitates the exploitation of these vulnerabilities.

In this post, we will describe how the exploitation of these vulnerabilities works and show how the attack is mitigated by FortiEDR.

Read More ...

Keywords:

    Other articles in the Fortinet News section of Volume 286, Issue 1:

    See all archived articles in the Fortinet News section.