LONDON (IT BOLTWISE) – A recently discovered vulnerability in Active Directory allows attackers to compromise domains and gain privileged access. This vulnerability, discovered by Synacktiv researchers, shows how attackers can gain control of entire networks by manipulating Group Policy Objects (GPOs). Companies worldwide are being asked to rethink their security strategies and take appropriate measures.


Active Directory is an essential tool for managing networks in large companies. It optimizes network performance by managing replication and authentication across different locations. But as security researchers at Synacktiv recently showed, this system can also serve as a gateway for attacks that can compromise the entire domain.

The vulnerability arises because Active Directory sites can be linked to Group Policy Objects (GPOs) that control system configurations in an organization. If attackers gain write permissions to these sites or their associated GPOs, they can inject malicious configurations that compromise all computers connected to these sites, including domain controllers.

This type of attack provides a direct path to compromising the entire domain without triggering traditional security measures. Attackers mainly use three permission types: GenericAll, GenericWrite and WriteGPLink. Administrators often delegate these permissions without fully understanding the possible consequences.

Once in possession of these permissions, attackers can manipulate existing GPOs or create new, malicious GPOs that execute arbitrary commands on the connected systems. These commands can be used to add attacker-controlled accounts to administrator groups, giving them domain administrator privileges in minutes.

What’s particularly dangerous is that Active Directory sites allow lateral movement across entire forests. The configuration partition that contains site information is replicated forest-wide, meaning a compromised domain controller can change site configurations that affect other domains. This technique bypasses the traditional SID filtering mechanisms that normally prevent such cross-domain attacks.

Synacktiv researchers demonstrated that attackers from a child domain can compromise the forest’s root domain simply by associating malicious GPOs with the sites that host the root domain’s controllers. This attack vector represents a significant vulnerability in many organizations’ security strategies and requires immediate attention from defense teams managing large Active Directory environments.
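One way a defense team can look for the delegations described above, as an added example that is not from the article or from Synacktiv: it parses the SDDL security descriptor of a site object and lists allow ACEs that grant GenericAll, GenericWrite or write access to the gPLink attribute. The sample SDDL, its SIDs, the unrelated attribute GUID and the set of trusted trustees are constructed assumptions.

```python
import re

# schemaIDGUID of the gPLink attribute; a write ACE scoped to it is "WriteGPLink".
GPLINK_GUID = "f30e3bbe-9ff0-11d1-b603-0000f80367c1"
# SDDL right codes that include property writes: generic all, generic write, write property.
WRITE_CODES = {"GA", "GW", "WP"}
WRITE_BITS = 0x10000000 | 0x40000000 | 0x20  # the same three rights in a hex access mask
ACE_RE = re.compile(r"\(([^()]*)\)")

def codes(field):
    """Split a run of two-letter SDDL codes ("CIIO" -> {"CI", "IO"})."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def grants_write(rights):
    """True if the rights field (letter codes or hex mask) allows property writes."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_BITS)
    return bool(codes(rights) & WRITE_CODES)

def risky_site_aces(sddl, trusted):
    """List (trustee, scope) for allow ACEs that let an untrusted trustee edit gPLink."""
    findings = []
    for ace in ACE_RE.findall(sddl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] not in ("A", "OA"):
            continue  # deny and audit ACEs grant nothing
        flags, rights, obj_guid, trustee = fields[1], fields[2], fields[3].lower(), fields[5]
        if "IO" in codes(flags) or trustee in trusted or not grants_write(rights):
            continue  # inherit-only ACEs do not apply to the site object itself
        if obj_guid in ("", GPLINK_GUID):  # empty GUID means every property
            findings.append((trustee, "gPLink" if obj_guid else "all properties"))
    return findings

# Constructed sample: SDDL of one site object, e.g. taken from (Get-Acl "AD:\<site DN>").Sddl
SAMPLE_SDDL = (
    "O:EAG:EAD:AI"
    "(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)"            # Enterprise Admins, full control
    "(A;;RPLCLORC;;;AU)"                                  # Authenticated Users, read only
    "(OA;;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;WP;00000000-1111-2222-3333-444444444444;;S-1-5-21-1111-2222-3333-1106)"
    "(A;CIIO;GA;;;S-1-5-21-1111-2222-3333-1107)"          # inherit-only, children only
    "(A;;0xf01ff;;;S-1-5-21-1111-2222-3333-1108)"         # full control as a hex mask
)
TRUSTED = {"EA", "DA", "SY"}  # assumption: trustees expected to hold these rights

if __name__ == "__main__":
    for trustee, scope in risky_site_aces(SAMPLE_SDDL, TRUSTED):
        print(f"{trustee} can write {scope} on this site")
```

The same check applies to the security descriptors of the GPOs linked to each site, since write access to a linked GPO has the same effect as write access to the link.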






Vulnerability in Active Directory: Attackers can compromise domains (Photo: DALL-E, IT BOLTWISE)
