MC408406 – Reminder: Active Directory Domain Services Elevation of Privilege Vulnerability hardening changes as of April 11, 2023

Admin impact, Plan For Change, Windows

check before: 2023-04-11

Product:

Microsoft 365 Apps

Platform:

World tenant, Online

Status:

Change type:

Admin impact

Links:

Details:

Message summary:

In 2021, Microsoft addressed a security vulnerability bypass Active Directory Domain Services Elevation of Privilege Vulnerability This bypass allows certain users to set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD). To exploit this vulnerability, a user must have sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects. That user could create a computer account using a Lightweight Directory Access Protocol (LDAP) Add call that allows overly permissive access to the securityDescriptor attribute. Additionally, creators and owners can modify security-sensitive attributes after creating an account.

When will this happen:

These Windows updates will be released in two phases:
Initial deployment: Introduction of the update, including Audit-By-Default, Enforcement or Disable modes configurable using the dSHeuristics attribute.
Final deployment: Enforcement-By-Default.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-08-04

updated:
2022-08-04

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Get a Plan

MC376180 - Reminder: Windows Distributed Component Object… 6. May 2022 check before: 2022-06-14 Product: Office 365 general Platform: World tenant, Windows Desktop Status: Change type: Admin impact Links: Details: As previously announced, security requirements will be increasing later this year for Windows devices which use…
MC354543 - Reminder: Windows Distributed Component Object… 8. April 2022 check before: 2022-06-14 Product: Office 365 general Platform: World tenant, Online Status: Change type: Admin impact Links: Details: In 2021, CVE-2021-26414 was created to track a security vulnerability discovered in the Windows Distributed Component Object…
MC392299 - Reminder: Windows Distributed Component Object… 15. June 2022 check before: 2022-06-29 Product: Windows Platform: World tenant Status: Change type: Admin impact Links: Details: Updated June 15: A correction has been made to the timeline dates. As previously announced, security requirements have increased for…
MC394275 - Take action: Out-of-band security update to… 21. June 2022 check before: 2022-06-20 Product: Azure Active Directory, Outlook, Teams, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: Microsoft is releasing Out-of-band (OOB) security updates today, June 20, 2022, only for…
MC400168 - Hardening changes coming 07/2022: Smart card… 14. July 2022 check before: 2022-07-19 Product: Office 365 general, SharePoint Platform: World tenant Status: Change type: Admin impact Links: Details: On July 13, 2021, Microsoft released hardening changes for Windows Key Distribution Center Information Disclosure Vulnerability, CVE-2021-33764.…
MC337322 - Hardening changes coming March 8: Windows DCOM… 1. March 2022 check before: 2022-06-14 Product: Office 365 general Platform: World tenant, Windows Desktop Status: Change type: Admin impact Links: Details: In 2021, CVE-2021-26414 was created to track a security vulnerability discovered in the Windows Distributed Component…