Researcher publishes PoC for Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2021-42287, CVE-2021-42278)

Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralized domain management. Microsoft Active Directory stores information about network objects and allows administrators and users to easily find and use this information.
On December 12, 2021, details and a PoC for a privilege escalation vulnerability in the Microsoft Windows Active Directory domain service were disclosed on the Internet. The vulnerabilities are tracked as CVE-2021-42287 and CVE-2021-42278. They are rated high risk, with a CVSS score of 7.5. Microsoft has officially released the November Patch Tuesday updates to fix these vulnerabilities.

Image: cube0x0

Vulnerability Detail

CVE-2021-42287: Active Directory Domain Services Elevation of Privilege Vulnerability

Because AD does not verify the account name of the machine in the domain, security restrictions can be bypassed. A remote authenticated attacker can use CVE-2021-42278 to elevate the rights of an ordinary domain user to those of a domain administrator.

Affected version

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server, version 2004 (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE-2021-42278: Active Directory Domain Services Elevation of Privilege Vulnerability

Because the application does not impose appropriate security restrictions on Active Directory Domain Services, an authenticated remote attacker can combine this flaw with CVE-2021-42287 to bypass security restrictions and escalate privileges.

Affected version

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server, version 2004 (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2019

Windows Server 2012 R2 (Server Core installation)

We therefore recommend that users install Microsoft's November Patch Tuesday updates promptly.
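
Alongside patching, defenders can audit the directory for the machine account naming condition described in the vulnerability details above. The following is an added example, not code from the researcher's PoC or from Microsoft. It assumes account records have been exported as dictionaries keyed by LDAP attribute names, relies on the AD convention that machine account names end in a single `$`, and uses constructed sample records.

```python
# Added example: audit exported AD account records for machine-account
# naming and account-type consistency. Record layout is an assumption.
UF_NORMAL_ACCOUNT = 0x0200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_SERVER_TRUST_ACCOUNT = 0x2000
MACHINE_FLAGS = UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT
USER_FLAGS = UF_NORMAL_ACCOUNT | UF_INTERDOMAIN_TRUST_ACCOUNT


def audit_account(rec):
    """Return the findings for one account record (dict of LDAP attributes)."""
    findings = []
    name = rec["sAMAccountName"]
    uac = int(rec["userAccountControl"])
    classes = {c.lower() for c in rec["objectClass"]}
    is_machine = bool(uac & MACHINE_FLAGS)

    # Machine accounts are expected to end with exactly one '$'.
    if is_machine and (not name.endswith("$") or name.endswith("$$")):
        findings.append("machine account name does not end with a single '$'")
    # objectClass and userAccountControl should agree on the account type.
    if "computer" in classes and not is_machine:
        findings.append("computer object without a machine trust flag")
    if "user" in classes and "computer" not in classes and not uac & USER_FLAGS:
        findings.append("user object without a user account flag")
    return findings


def audit(records):
    """Map sAMAccountName -> findings for every record that has any."""
    report = {}
    for rec in records:
        found = audit_account(rec)
        if found:
            report[rec["sAMAccountName"]] = found
    return report


# Constructed sample records, not real directory data.
SAMPLE = [
    {"sAMAccountName": "WS01$", "userAccountControl": 4096, "objectClass": ["user", "computer"]},
    {"sAMAccountName": "WS02", "userAccountControl": 4096, "objectClass": ["user", "computer"]},
    {"sAMAccountName": "alice", "userAccountControl": 512, "objectClass": ["user"]},
    {"sAMAccountName": "SRV03$", "userAccountControl": 512, "objectClass": ["user", "computer"]},
    {"sAMAccountName": "svc", "userAccountControl": 4096, "objectClass": ["user"]},
]

if __name__ == "__main__":
    for account, found in audit(SAMPLE).items():
        print(account, "->", "; ".join(found))
```

Any account this reports on a production domain should be reviewed and corrected, since it does not follow the naming or type rules that machine accounts are expected to meet.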