    Active Directory Checklist – Attack & Defense Cheatsheet


    CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

    CVE-2019-1040 Windows NTLM Tampering Vulnerability
    A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040

    CVE-2019-0683 Active Directory Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0683

    CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

    CVE-2018-8581 Microsoft Exchange Server Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518

    CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143

    CVE-2016-0128 Windows SAM and LSAD Downgrade Vulnerability
    The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0128

    CVE-2014-6324 Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
    The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
    https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-068

    CVE-2014-1812 Vulnerability in Group Policy Preferences could allow elevation of privilege
    The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle the distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
    https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati


