Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which, when combined by a malicious actor, could lead to privilege escalation with a direct path to a compromised domain.
In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as “noPac”) was released. The exploit allows a regular domain user to escalate privileges to domain administrator, which enables a malicious actor to launch multiple attacks such as a domain takeover or a ransomware attack.
This is a serious concern because multiple researchers have confirmed that the exploit is low-effort and has critical impact. Researchers at Secureworks have demonstrated how to exploit these Active Directory flaws to gain domain privileges in just 16 seconds. Yes, you read that right: a compromised domain in a quarter of a minute!