A recently disclosed flaw in Microsoft Active Directory Certificate Services (ADCS), identified as CVE-2024-49019, could allow attackers to escalate privileges and gain control of a domain.
The vulnerability, rated with a CVSS score of 7.8, is classified as an elevation-of-privilege (EoP) issue. If exploited, attackers could potentially obtain domain administrator privileges, compromising the security of the entire network.
Microsoft’s advisory shares several ways entities can mitigate the risks, including removing excessive enrollment rights for users or groups, eliminating unused certificate templates, and securing templates that allow users to specify a subject in the request.
While no active attacks have been reported, the vulnerability’s low complexity and high likelihood of exploitation make it a critical issue for businesses to address immediately.
Jason Soroko, Senior Fellow at Sectigo, emphasized the importance of carefully managing ADCS permissions to prevent unauthorized access. “Giving too many users enroll or auto-enroll permissions in ADCS makes it tough to track who gets certificates and why. This lack of oversight can lead to unauthorized access all the way up to an attacker gaining domain administration control,” Soroko added.
“Keeping unused certificate templates on certification authorities can worsen the problem. Unused templates might be misused or wrongly issued, complicating certificate tracking even more.”
To enhance security, Soroko recommended using modern Certificate Lifecycle Management (CLM) tools. “CLM solutions boost visibility by tracking certificate issuance, renewal, and revocation. By carefully setting enrollment permissions, removing unnecessary templates, and leveraging CLM tools, organizations can create a secure and transparent certificate environment. This not only reduces the risk of unauthorized certificate issuance but also streamlines certificate management according to best security practices.”
For more information on CVE-2024-49019 and recommended mitigation steps, visit Microsoft’s advisory here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.