Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability and a Security Account Manager (SAM) spoofing security bypass vulnerability (CVE-2021-42278) are collectively referred to as noPac. noPac can allow attackers to escalate from a standard user account to domain-level privileges.
Vulnerable versions:
- Windows Server versions 2008, 2008 R2, 2012, 2012 R2, 2016 (including versions 20H2 and 2004), 2019, 2022
Microsoft released patches for both CVE-2021-42287 and CVE-2021-42278 on November 9, 2021. Customers should prioritise applying those patches to Windows domain controllers in their environments. Additionally, customers can restrict users’ ability to register systems in a domain by modifying the default Active Directory configuration (as described in the Microsoft article “Active Directory: How to Prevent Authenticated Users from Joining Workstations to a Domain” listed in the references section).
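The following PowerShell is an added example, not part of the original advisory or Microsoft's article, showing one way to audit and tighten the default configuration described above. It assumes the setting in question is the domain's `ms-DS-MachineAccountQuota` attribute and that the ActiveDirectory (RSAT) module is available; the function names are hypothetical.

```powershell
# Added example: audit the default "any user can join machines" setting
# before changing it. Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-MachineAccountQuotaReport {
    # Read the per-user machine account quota from the domain head object.
    $domain = Get-ADDomain
    $obj = Get-ADObject -Identity $domain.DistinguishedName `
        -Properties 'ms-DS-MachineAccountQuota'
    $quota = $obj.'ms-DS-MachineAccountQuota'
    [pscustomobject]@{
        Domain              = $domain.DNSRoot
        MachineAccountQuota = $quota
        AnyUserCanJoin      = ($quota -gt 0)
    }
}

function Get-DomainControllerInventory {
    # List domain controllers and OS builds so patch status can be tracked.
    Get-ADDomainController -Filter * |
        Select-Object HostName, OperatingSystem, OperatingSystemVersion, Site
}

function Get-QuotaCreatedComputers {
    # Computer objects created through the quota carry the creator's SID.
    # Review these before setting the quota to 0 to see who relies on it.
    Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' `
        -Properties 'mS-DS-CreatorSID', whenCreated |
        Select-Object Name, whenCreated,
            @{ n = 'CreatorSid'; e = { $_.'mS-DS-CreatorSID'.Value } }
}

function Set-MachineAccountQuotaZero {
    # Supports -WhatIf / -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $domain = Get-ADDomain
    $target = $domain.DistinguishedName
    if ($PSCmdlet.ShouldProcess($target, 'Set ms-DS-MachineAccountQuota to 0')) {
        Set-ADDomain -Identity $target -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
    }
}

Get-MachineAccountQuotaReport
Get-DomainControllerInventory
Get-QuotaCreatedComputers
Set-MachineAccountQuotaZero -WhatIf
```

Remove `-WhatIf` only after a delegated account or group has been set up for legitimate domain joins, since a quota of 0 stops standard users from registering systems.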
If you have any questions or concerns about this advisory, please contact us via our support desk – firstname.lastname@example.org