CVE-2021-42278
HIGH KEV RANSOMWAREActive Directory Domain Services - Privilege Escalation
Title source: llmDescription
Active Directory Domain Services Elevation of Privilege Vulnerability
Exploits (8)
nomisec
SCANNER
2 stars
by cybersecurityworks553 · poc
https://github.com/cybersecurityworks553/noPac-detection
patchapalooza
WORKING POC
by XiaoliChan · remote-auth
https://github.com/XiaoliChan/Invoke-sAMSpoofing
Scores
CVSS v3
7.5
EPSS
0.9407
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-04-11
VulnCheck KEV
2022-04-11
InTheWild.io
2022-04-06
ENISA EUVD
EUVD-2021-29254
Ransomware Use
Confirmed
Status
published
Products (9)
microsoft/windows_server_2004
< 10.0.19041.1348
microsoft/windows_server_2008
microsoft/windows_server_2008
r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
microsoft/windows_server_2016
< 10.0.14393.4770
microsoft/windows_server_2019
< 10.0.17763.2300
microsoft/windows_server_2022
< 10.0.20348.350
microsoft/windows_server_20h2
< 10.0.19042.1348
Published
Nov 10, 2021
KEV Added
Apr 11, 2022
Tracked Since
Feb 18, 2026