noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

Blog – crowdstrike.com

What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain.  In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was […]