New attack on Active Directory

Jeremy Allison jra at samba.org
Tue Jan 30 17:41:29 UTC 2018


On Tue, Jan 30, 2018 at 09:36:19AM -0800, Jeremy Allison via samba-technical wrote:
> https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
> 
> I'm still reading, but thought people on this list
> might want to get familiar with it.
> 
> Don't know if it affects Samba yet.

Ah. Never mind - it's a mechanism to inject persistence
into an *already compromised* AD infrastructure. Phew :-).

So we're no better or worse in that respect.

Takeaway: if you're already compromised, you're compromised :-).

Jeremy.

---------------------------------------------------------

"What is most important to take away from this analysis is that “DCShadow”
is not a vulnerability but an innovative way to inject illegitimate data
into an AD infrastructure.

No unprivileged attacker will ever be able to use it to escalate their
privileges and gain administrative access to your AD using “DCShadow”.
Bottom-line is: if your AD is properly configured and secured, you
do not need to take any urgent actions."
