⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-02.

CVE-2021-42278

CWE-20 — Improper Input Validation CWE-269 — Improper Privilege Management8 documents8 sources

Severity

7.5HIGH

EPSS

94.1%

top 0.10%

CISA KEV

KEVRansomware

Added 2022-04-11

Due 2022-05-02

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 R2 Service Pack 1 (server Core Installation)Microsoft Windows Server 2008 Service Pack 2 +15 more

Timeline

PublishedNov 10

KEV addedApr 11

KEV dueMay 2

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Active Directory Domain Services Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages16 packages

▶NVDmicrosoft/windows< 10.0.19041.1348+5

▶CVEListV5microsoft/windows_server_20126.2.0 — 6.2.9200.23517

▶CVEListV5microsoft/windows_server_201610.0.0 — 10.0.14393.4770

▶CVEListV5microsoft/windows_server_201910.0.0 — 10.0.17763.2300

▶CVEListV5microsoft/windows_server_202210.0.0 — 10.0.20348.350

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-chp6-c7f5-h9w9: Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291↗2022-05-24

▶

CVEList

Active Directory Domain Services Elevation of Privilege Vulnerability↗2021-11-10

▶

VulnCheck

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability↗2021

▶

🔍Detection Rules

Elastic

Potential Privileged Escalation via SamAccountName Spoofing↗

▶

📋Vendor Advisories

CISA

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability↗2022-04-11

▶

Microsoft

Active Directory Domain Services Elevation of Privilege Vulnerability↗2021-11-09

▶

🕵️Threat Intelligence

Fortinet

From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287 | FortiGuard Labs↗2022-01-05

▶