Jan 15, 2022

noPac Vulnerability for DC

The noPac exploit has finally been confirmed and released. As mentioned in last month's post, these two vulnerabilities (CVE-2021-42278 and CVE-2021-42287) effectively allow a regular domain user to take control of a domain controller. This is a serious concern, as the exploit was confirmed to be low-effort with critical impact.

Gaining domain privileges allows threat actors to gain control over a domain and use it as a starting point to deploy malware, including ransomware.


Immediate Actions:

Make sure all domain controllers (DCs) are patched, with no exceptions. The whole domain remains vulnerable even if only one DC has not been patched successfully. The patch has been available since Nov 2021.

Also start on detection and apply the mitigations described in my previous post.
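One way to check the "no exception" rule for patching, as an added example that is not part of the original post: it enumerates every DC in the domain and reports any that lack the fix or could not be queried. The KB IDs are placeholders to replace with the update IDs Microsoft lists for the two CVEs; it assumes the ActiveDirectory module and remote WMI/RPC access to each DC.

```powershell
# Added example (not from the original post): per-DC patch inventory.
# Assumes the ActiveDirectory module (RSAT) and remote WMI/RPC access to each DC.
Import-Module ActiveDirectory

# PLACEHOLDER IDs: replace with the update IDs Microsoft lists for
# CVE-2021-42278 / CVE-2021-42287 for every OS version your DCs run.
# Assumption: for a given OS version, one listed update carries both fixes,
# so finding any ID from this list on a DC counts as patched.
$RequiredKBs = @('KB0000000', 'KB0000001')

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $status = 'Unverified'   # default until the DC has actually answered
    $found  = @()
    try {
        # Fetch the full list and filter locally, so a query failure
        # (unreachable, access denied) stays distinct from "update absent".
        $installed = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop
        $found = @($installed |
            Where-Object { $RequiredKBs -contains $_.HotFixID } |
            Select-Object -ExpandProperty HotFixID)
        $status = if ($found.Count -gt 0) { 'Patched' } else { 'Missing' }
    }
    catch {
        # A DC that cannot be queried is never reported as patched.
        $status = 'Unverified'
    }
    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        OperatingSystem  = $dc.OperatingSystem
        Status           = $status
        MatchedUpdates   = $found -join ','
    }
}

$report | Sort-Object Status, DomainController | Format-Table -AutoSize

# One unpatched or unverified DC is enough to leave the domain exposed.
$open = @($report | Where-Object Status -ne 'Patched')
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) DC(s) not confirmed patched: $($open.DomainController -join ', ')"
}
```

A DC running a later cumulative update that supersedes the listed IDs will show as Missing; confirm those by hand or add the later update IDs to the list.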


Links: