Skip to Content

MC408406: Reminder: Active Directory Domain Services Elevation of Privilege Vulnerability hardening changes as of April 11, 2023

In 2021, Microsoft addressed a security vulnerability bypass Active Directory Domain Services Elevation of Privilege Vulnerability. This bypass allows certain users to set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD). To exploit this vulnerability, a user must have sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects. That user could create a computer account using a Lightweight Directory Access Protocol (LDAP) Add call that allows overly permissive access to the securityDescriptor attribute. Additionally, creators and owners can modify security-sensitive attributes after creating an account.

Enforcement of new security requirements will be enabled by default in an upcoming update no sooner than April 11, 2023. Action may be required in order to prevent outages and system interruptions. For more information, see KB5008383: Active Directory permissions updates (CVE-2021-42291).

When will this happen

These Windows updates will be released in two phases:

  • Initial deployment: Introduction of the update, including Audit-By-Default, Enforcement or Disable modes configurable using the dSHeuristics attribute.
  • Final deployment: Enforcement-By-Default.

Message ID: MC408406
Published: 04 August 2022
Updated: 04 August 2022
Action required by: 04 November 2022
Platform: World tenant, Online

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.