New attack on Active Directory

Jeremy Allison jra at
Tue Jan 30 17:41:29 UTC 2018

On Tue, Jan 30, 2018 at 09:36:19AM -0800, Jeremy Allison via samba-technical wrote:
> I'm still reading, but thought people on this list
> might want to get familiar with it.
> Don't know if it affects Samba yet.

Ah. Never mind - it's a mechanism to inject persistance
into an *already compromised* AD infrastructure. Phew :-).

So we're no better or worse in that respect.

Take away, if you're already compromised, you're compromised :-).



"What is most important to take away from this analysis is that “DCShadow”
is not a vulnerability but an innovative way to inject illegitimate data
into an AD infrastructure.

No unprivileged attacker will ever be able to use it to escalate their
privileges and gain administrative access to your AD using “DCShadow”.
Bottom-line is: if your AD is properly configured and secured, you
do not need to take any urgent actions."

More information about the samba-technical mailing list