check before: 2023-04-11
Product:
Microsoft 365 Apps
Platform:
World tenant, Online
Status:
Change type:
Admin impact
Links:
Details:
Message summary:
In 2021, Microsoft addressed a security vulnerability bypass Active Directory Domain Services Elevation of Privilege Vulnerability This bypass allows certain users to set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD). To exploit this vulnerability, a user must have sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects. That user could create a computer account using a Lightweight Directory Access Protocol (LDAP) Add call that allows overly permissive access to the securityDescriptor attribute. Additionally, creators and owners can modify security-sensitive attributes after creating an account.
When will this happen:
These Windows updates will be released in two phases:
Initial deployment: Introduction of the update, including Audit-By-Default, Enforcement or Disable modes configurable using the dSHeuristics attribute.
Final deployment: Enforcement-By-Default.
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
Created:
2022-08-04
updated:
2022-08-27
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
changes*
| Date | Property | old | new |
| 2022-09-15 | MC prepare | To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default. Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291). If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023. Additional information: Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory permissions updates. KB5008383: Active Directory permissions updates (CVE-2021-42291) ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4229 ps://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cd ps://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cd | To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default. Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291). If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023. Additional information: Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory permissions updates. KB5008383: Active Directory permissions updates (CVE-2021-42291) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42291 https://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cde1 https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1 |
| 2022-08-27 | MC prepare | To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default. Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291). If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023. Additional information: Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory permissions updates. KB5008383: Active Directory permissions updates (CVE-2021-42291) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42291 https://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cde1 https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1 | To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default. Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291). If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023. Additional information: Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory permissions updates. KB5008383: Active Directory permissions updates (CVE-2021-42291) ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4229 ps://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cd ps://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cd |
*starting April 2022
Last updated 9 months ago
