16/12/2021

noPac Vulnerability (CVE-2021-42287 and CVE-2021-42278)

Summary

Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability and a Security Account Manager (SAM) spoofing security bypass vulnerability (CVE-2021-42278) are collectively referred to as noPac. The noPac combination can allow attackers to escalate to domain-level privileges from a standard user account.

Vulnerable versions:

  • Impacts Windows Server versions 2008, 2008 R2, 2012, 2012 R2, 2016 (including versions 20H2 and 2004), 2019 and 2022

Recommendation(s):

Microsoft released patches for both CVE-2021-42287 and CVE-2021-42278 on November 9, 2021. Customers should prioritise applying those patches to Windows domain controllers in their environments. Additionally, customers can restrict users’ ability to register systems in a domain by modifying the default Active Directory configuration (as described in the Microsoft article “Active Directory: How to Prevent Authenticated Users from Joining Workstations to a Domain” listed in the references section).
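The PowerShell below is an added example, not part of the original advisory or of Microsoft's guidance, showing one way to audit both recommendations. It assumes the RSAT ActiveDirectory module is installed and that the default configuration referred to above is the domain's ms-DS-MachineAccountQuota attribute (default value 10); the change at the end is shown with -WhatIf so nothing is modified.

```powershell
# Added example: audit the two recommendations in this advisory.
# Run from a domain-joined admin workstation with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$patchRelease = [datetime]'2021-11-09'   # patch release date stated in the advisory

# 1. A domain controller whose newest installed update predates the release
#    date cannot have the fixes. A later date is not proof of patching, so
#    confirm those hosts in your patch-management tooling.
$dcReport = foreach ($dc in Get-ADDomainController -Filter *) {
    $latest = Get-HotFix -ComputerName $dc.HostName |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        DomainController = $dc.HostName
        LatestUpdate     = $latest.HotFixID
        InstalledOn      = $latest.InstalledOn
        PredatesFix      = (-not $latest) -or ($latest.InstalledOn -lt $patchRelease)
    }
}
$dcReport | Format-Table -AutoSize

# 2. How many machine accounts may an ordinary authenticated user create?
#    (Assumption: this attribute is the default setting the advisory refers to.)
$domain = Get-ADDomain
$root   = Get-ADObject -Identity $domain.DistinguishedName -Properties 'ms-DS-MachineAccountQuota'
$quota  = $root.'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota = $quota (0 stops standard users registering systems)"

# 3. Computer accounts already created through that quota carry the creator's
#    SID in mS-DS-CreatorSID; review any that are unexpected.
Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties 'mS-DS-CreatorSID', whenCreated |
    Select-Object Name, whenCreated, @{ n = 'CreatorSID'; e = { "$($_.'mS-DS-CreatorSID')" } } |
    Sort-Object whenCreated |
    Format-Table -AutoSize

# 4. Preview the hardened setting. Remove -WhatIf to apply it once any
#    provisioning process that relies on user domain joins has been updated.
if ($quota -ne 0) {
    Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = 0 } -WhatIf
}
```

Setting the quota to 0 reduces exposure but does not replace the patches; domain controllers flagged in step 1 remain the priority.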

References:

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk
