
image credit: unsplash
Tracked as CVE-2021-42287 and CVE-2021-42278, the two security errors can be chained to impersonate domain controllers and gain administrative privileges on Active Directory.
Proof-of-concept code exploiting the two bugs has been public for more than a week, and Microsoft is warning companies of potential malicious attacks, while also sharing a guide to help organizations identify suspicious behavior exploiting the flaws.