
Windows Privilege Escalation: sAMAccountName Spoofing

Yahya Khan
3 min read · Dec 28, 2024

This post discusses how CVE-2021-42278 allows potential attackers to gain highly privileged access (Administrator-level access on the domain controller) starting from a low-privileged account (any normal domain user).

Description: Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.

Release Date: Nov 9, 2021

Impact: Elevation of Privilege

Severity: Important

CVSS score: 8.8

Pentest Lab setup

In the lab, we’ll use a Kali VM as the attacker machine and a Windows domain controller (affected Windows platforms are listed above in the article) that hasn’t been patched since November 9, 2021, as the victim/target machine.

Now, as you can see, a user with normal domain user privileges has been created in the test Domain Controller lab setup.

The command below can be run on the Domain Controller to check the user's details, and as you can see, the user is a normal domain user (highlighted in red).

net user sakshi
