A seriously disturbing vulnerability has been found in Microsoft Active Directory, and proof-of-concept exploits have been made available, making the likelihood of exploitation extremely high. The vulnerability allows an unauthenticated attacker to take over Active Directory, giving full domain admin access. Microsoft released a partial patch back in August. The vulnerability, CVE-2020-1472, is one that shouldn’t be ignored, and we urge all Microsoft Active Directory consumers to ensure their estate is patched as soon as possible.
The key notes are as follows:
- The attacker requires TCP access to the server (inside your network)
- The attacker does not require any form of authentication
- Successful exploitation will provide full control of Active Directory
- Microsoft has issued a patch, which can be found here
- Windows Server 2008
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
Microsoft has not identified any mitigating factors for this vulnerability.
Microsoft has not identified any workarounds for this vulnerability.
More detail can be found in the resources below: