Name of the Vulnerable Software and Affected Versions:

Microsoft Active Directory Domain Services (affected versions not specified)

Microsoft Windows Active Directory Certificate Services (affected versions not specified)

Description:

The issue is related to a privilege escalation vulnerability in Microsoft Active Directory Domain Services and Active Directory Certificate Services. This vulnerability allows attackers to create a machine account within a domain, enabling Kerberoasting attacks to extract service account credentials from domain controllers. The vulnerability can be exploited by adding fake data to a certificate request, allowing an attacker to obtain a certificate that permits authentication on a domain controller with high privileges. Cybercriminals have been evolving social engineering tactics and exploiting this vulnerability in sophisticated campaigns.

Recommendations:

As a temporary workaround, consider disabling the vulnerable component until a patch is available.

Restrict access to the vulnerable module to minimize the risk of exploitation.

Avoid using vulnerable parameters in affected API endpoints until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.