MC408406 – Reminder: Active Directory Domain Services Elevation of Privilege Vulnerability hardening changes as of April 11, 2023

cloudscout.one Icon

check before: 2023-04-11

Product:

Microsoft 365 Apps

Platform:

World tenant, Online

Status:

Change type:

Admin impact

Links:

Details:

Message summary:


In 2021, Microsoft addressed a security vulnerability bypass Active Directory Domain Services Elevation of Privilege Vulnerability This bypass allows certain users to set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD). To exploit this vulnerability, a user must have sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects. That user could create a computer account using a Lightweight Directory Access Protocol (LDAP) Add call that allows overly permissive access to the securityDescriptor attribute. Additionally, creators and owners can modify security-sensitive attributes after creating an account.

When will this happen:


These Windows updates will be released in two phases:
Initial deployment: Introduction of the update, including Audit-By-Default, Enforcement or Disable modes configurable using the dSHeuristics attribute.
Final deployment: Enforcement-By-Default.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-08-04

updated:
2022-08-27

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Login
Get a Plan

changes*

DatePropertyoldnew
2022-09-15MC prepareTo protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default.
Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291).
If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023.



Additional information:
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory permissions updates.
KB5008383: Active Directory permissions updates (CVE-2021-42291)
ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4229
ps://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cd
ps://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cd		To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default.
Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291).
If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023.



Additional information:
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory permissions updates.
KB5008383: Active Directory permissions updates (CVE-2021-42291)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42291
https://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cde1
https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1
2022-08-27MC prepareTo protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default.
Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291).
If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023.



Additional information:
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory permissions updates.
KB5008383: Active Directory permissions updates (CVE-2021-42291)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42291
https://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cde1
https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1		To protect your environment and avoid outages, please complete the following steps:
Update all devices that host the Active Directory domain controller role by installing the latest Windows updates. This implements the changes in Audit mode by default.
Monitor the Directory Service event log for 3044-3056 events on domain controllers that have the November 9, 2021, or later Windows updates released before programmatic Enforcement mode. Logged events indicate that a user might have excessive privileges to create computer accounts with arbitrary security-sensitive attributes. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. See the "Newly added events" section in the KB5008383: Active Directory permissions updates (CVE-2021-42291).
If Audit mode does not detect any unexpected privileges for a sufficient length of time, switch to Enforcement mode to ensure that no negative results occur. Report any unexpected scenarios to Microsoft using a Premier or Unified Support case or the Feedback Hub. Important Enforcement mode will be turned on by default in an upcoming update no sooner than April 11, 2023.



Additional information:
Active Directory Domain Services Elevation of Privilege Vulnerability
Active Directory permissions updates.
KB5008383: Active Directory permissions updates (CVE-2021-42291)
ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-4229
ps://support.microsoft.com/en-us/topic/536d5555-ffba-4248-a60e-d6cbc849cd
ps://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cd

*starting April 2022

Last updated 2 months ago

Related Posts:

  • MC451956 - Take action: Understand domain join hardening changes and avoid potential operational issues
    MC451956 - Take action: Understand domain join hardening…     29. October 2022 check before: 2022-11-11 Product: Office 365 general Platform: World tenant Status: Change type: Admin impact Links: Details: Windows updates released on and after October 11, 2022, contain additional protections introduced by CVE-2022-38042. These protections intentionally…
  • MC451954 - Reminder: Important changes coming January 2023 for the Windows Diagnostic data processor configuration
    MC451954 - Reminder: Important changes coming January 2023…     29. October 2022 check before: 2022-11-11 Product: Azure Active Directory, Microsoft Endpoint Manager, Priva, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: As previously announced, we are introducing a significant change for enterprise…
  • MC392299 - Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022
    MC392299 - Reminder: Windows Distributed Component Object…     15. June 2022 check before: 2022-06-29 Product: Windows Platform: World tenant Status: Change type: Admin impact Links: Details: Updated June 15: A correction has been made to the timeline dates. As previously announced, security requirements have increased for…
  • MC394275 - Take action: Out-of-band security update to address an issue with Azure Active Directory services on Arm-based devices
    MC394275 - Take action: Out-of-band security update to…     21. June 2022 check before: 2022-06-20 Product: Azure Active Directory, Outlook, Teams, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: Microsoft is releasing Out-of-band (OOB) security updates today, June 20, 2022, only for…
  • MC445156 - Reminder: Windows 8.1 support ends on January 10, 2023
    MC445156 - Reminder: Windows 8.1 support ends on January 10,…     12. October 2022 check before: 2023-01-10 Product: FastTrack, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: As a reminder, Windows 8.1 will reach the end of support on January 10, 2023, at which…
  • MC465904 - Reminder: Windows 8.1 support ends on January 10, 2023
    MC465904 - Reminder: Windows 8.1 support ends on January 10,…     11. November 2022 check before: 2022-11-24 Product: FastTrack, Windows Platform: Windows Desktop, World tenant Status: Change type: Admin impact Links: Details: As a reminder, Windows 8.1 will reach the end of support on January 10, 2023, at which…

Leave a Reply

cloudscout.one

Consolidated Microsoft 365 Roadmap and Message Center analysis for Office 365 operations and change management.

Share on

Support

Schierding.one GmbH

Alleenstraße 16
78549 Spaichingen
Phone: +49 (0)7424 60899-09
E-Mail: info@schierding.one
Amtsgericht Stuttgart (HRB 767585)
USt-ID DE321821109

Legal:

Privacy Policy

Imprint

FAQ

Login to your account

Welcome Back, We Missed You!