Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the existence of remote code execution risk early warning in the Windows domain environment. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

0x00 event background

Recently, 360CERT has detected that foreign security researchers have disclosed an attack utilization scheme that poses a serious threat to the Windows domain environment, which is a combination of man-in-the-middle attacks and resource-constrained delegation attacks. The attack utilization scheme does not require the victim to take the initiative to access the service established by the attacker, thus greatly improving its availability. An attacker only needs one machine in the control domain to attack other machines in the same broadcast domain, and will be controlled by the attacker when the victim machine initiates a specific network request. The attack utilization scheme poses a serious threat to the Windows domain environment. 360CERT recommends that users who use the Windows domain environment should take corresponding mitigation measures to protect the attack utilization scheme as soon as possible.

0x01 scope of influence

Use Windows2012 (and later versions) as the Windows domain environment for domain controllers.

0x02 mitigation measures

Turn on the mandatory LDAP signing and LDAPS Channel Binding feature on all domain controllers.

Users with sensitive permissions in the domain are added to the ProtectedUsers group and set to sensitive accounts and cannot be delegated.

If WPAD is not used in the domain ring, the WinHttpAutoProxySvc service of the host in the domain can be disabled by issuing the domain policy; if the IPV6 is not used in the environment, the DHCPv6 traffic in the network can be restricted through the host firewall or at the network level.

After reading the above, do you have any further understanding of the existence of remote code execution risk warning in Windows domain environment? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.