Bah Humbug – Nasty Active Directory Exploits Call for Immediate Patching

New attacks reinforce importance of rigorous updates in wake of Log4Shell

As the Log4j threat continues to unfold, there is yet another “humbug” that should be top-of-mind for businesses as we enter the throes of the holiday season.

The Armor team is closely monitoring two new vulnerabilities in Active Directory environments that can facilitate domain takeover via privilege escalation. This, in turn, leaves organizations susceptible to a variety of advanced identity-based attacks. Proofs-of-concept are already publicly available, making the exploit an immediate threat.

Fortunately, Microsoft has already released patches for CVE-2021-42287 and CVE-2021-42278. When the two vulnerabilities are chained, they give threat actors escalated privileges that can be used to cause a variety of business disruptions.

If you use Active Directory, Armor’s threat experts strongly suggest reviewing the updates below and deploying them to your domain controllers as soon as possible.

  • KB5008102: Active Directory Security Accounts Manager hardening changes (CVE-2021-42278)
    https://support.microsoft.com/en-us/topic/kb5008102-active-directory-security-accounts-manager-hardening-changes-cve-2021-42278-5975b463-4c95-45e1-831a-d120004e258e

  • KB5008380: Authentication updates (CVE-2021-42287)
    https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041

  • KB5008602: Out-of-band update (OS Build 17763.2305)
    https://support.microsoft.com/en-us/topic/november-14-2021-kb5008602-os-build-17763-2305-out-of-band-8583a8a3-ebed-4829-b285-356fb5aaacd7
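To confirm the updates above actually landed on every domain controller, the following PowerShell check enumerates the DCs in the current domain and reports which of the three KBs each one has installed. This is an added example, not code from the Armor post; it assumes a domain-joined host with the ActiveDirectory RSAT module and administrative rights on the domain controllers.

```powershell
# Added example (not from the Armor post): report whether the updates listed
# above are installed on each domain controller in the current domain.
# Assumes: ActiveDirectory module available, admin rights on the DCs, and
# WMI/DCOM reachability from this host to each DC.
$RequiredKBs = 'KB5008102', 'KB5008380', 'KB5008602'

# Enumerate every DC in the domain this host belongs to.
$dcs = (Get-ADDomainController -Filter *).HostName

foreach ($dc in $dcs) {
    try {
        # Get-HotFix reads the Win32_QuickFixEngineering class on the remote DC.
        $installed = (Get-HotFix -ComputerName $dc -ErrorAction Stop).HotFixID
    } catch {
        # A DC we cannot query is itself a finding; surface it and move on.
        Write-Warning "$dc : could not query installed updates ($($_.Exception.Message))"
        continue
    }

    foreach ($kb in $RequiredKBs) {
        $status = if ($installed -contains $kb) { 'installed' } else { 'MISSING' }
        [pscustomobject]@{
            DomainController = $dc
            Update           = $kb
            Status           = $status
        }
    }
}
```

Two caveats when reading the output: KB5008602 applies only to the 17763 build named above, so it will legitimately show as missing on other OS builds, and a DC that received a later cumulative update may not list these specific KB numbers even though the fixes are present, so treat a MISSING result as a prompt to confirm the OS build level rather than as proof the DC is unpatched.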

These new, pervasive attacks are yet another reminder of the importance of active patching to keep systems secure. As the Log4j exploit recently demonstrated, a lack of diligence can leave organizations vulnerable to a variety of threats that can put a damper on the holidays.

Small and mid-size organizations should look to their MSPs to help navigate incidents such as this and to maintain a robust patching program against ongoing threats.

As always, Armor continuously monitors and seeks out potential risks like these with 24x7x365 threat detection and response capabilities. In the event of an attack, our cybersecurity experts are available to help you respond quickly and effectively.

Please contact us if you have any questions or concerns.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-42287

https://nvd.nist.gov/vuln/detail/CVE-2021-42278
