⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-02.

CVE-2021-42287 — noPac: Improper Privilege Management in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-269 — Improper Privilege Management7 documents7 sources

Severity

8.8HIGHNVD

CNA7.5VulnCheck7.5

EPSS

94.0%

top 0.10%

CISA KEV

KEVRansomware

Added 2022-04-11

Due 2022-05-02

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +7 more

Timeline

PublishedNov 10

KEV addedApr 11

KEV dueMay 2

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Active Directory Domain Services Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/windows< 10.0.14393.4770+4

▶CVEListV5microsoft/windows_server_20126.2.0 — 6.2.9200.23517

▶CVEListV5microsoft/windows_server_201610.0.0 — 10.0.14393.4770

▶CVEListV5microsoft/windows_server_201910.0.0 — 10.0.17763.2300

▶CVEListV5microsoft/windows_server_202210.0.0 — 10.0.20348.350

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-737r-5j68-97hh: Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291↗2022-05-24

▶

CVEList

Active Directory Domain Services Elevation of Privilege Vulnerability↗2021-11-10

▶

VulnCheck

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability↗2022-04-11

▶

Microsoft

Active Directory Domain Services Elevation of Privilege Vulnerability↗2021-11-09

▶

🕵️Threat Intelligence

Fortinet

From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287 | FortiGuard Labs↗2022-01-05

▶

External resources

NVD MITRE CISA KEV

Affected products10

Microsoft Windows Server 2008vr2

Microsoft Windows Server 2008 R2 Service Pack 1≥ 6.1.0, < 6.1.7601.25769≥ 6.0.0, < 6.1.7601.25769

Microsoft Windows Server 2008 Service Pack 2≥ 6.0.0, < 6.0.6003.21282

Microsoft Windows Server 2012≥ 6.2.0, < 6.2.9200.23517vr2

Microsoft Windows Server 2012 R2≥ 6.3.0, < 6.3.9600.20174

Microsoft Windows Server 2016≥ 10.0.0, < 10.0.14393.4770fixed in 10.0.14393.4770v2004

Microsoft Windows Server 2019≥ 10.0.0, < 10.0.17763.2300fixed in 10.0.17763.2300

Microsoft Windows Server 2022≥ 10.0.0, < 10.0.20348.350fixed in 10.0.20348.350

Microsoft Windows Server Version 2004≥ 10.0.0, < 10.0.19041.1348

Microsoft Windows Server Version 20h2≥ 10.0.0, < 10.0.19041.1348

Disclosure

PublishedNov 10, 2021

KEV addedApr 11, 2022

KEV dueMay 2, 2022

Latest updateMay 24, 2022