Microsoft Shares Guidelines To Help Admins Fight KrbRelayUp Attacks

Share post:

Microsoft has developed a common guide to help administrators effectively protect their Windows enterprise environment from KrbRelayUp attacks.

Administrators are advised to secure communication between LDAP clients and Active Directory (AD) domain controllers by forcing the signature of the LDAP server and enabling Extended Protection for Authentication (EPA).

The Microsoft 365 Defender Research also provides additional details about how the KrbRelayUp attack works and more information about how to improve device configuration.

The KrbRelayUp attack involves exploiting the KrbRelayUp tool, developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker and ADCSPwn privilege escalation tools.

Exploiting the KrbRelayUp tool allows attackers to gain SYSTEM privileges on Windows systems with default configurations.

According to Microsoft, the privilege escalation tool does not work against organizations with cloud-based Azure Active Directory environments. However, KrbRelayUp can help compromise Azure virtual machines in hybrid AD environments where domain controllers are synchronized with Azure AD.

The sources for this piece include an article in BleepingComputer.



Related articles

Microsoft announces enhanced security feature for OneNote

Microsoft has released further information on the increased security measures it is deploying for OneNote in order to...

Russian hacker group steals Emails of NATO officials and diplomats

Since February 2023, a Russian hacking gang known as TA473 or 'Winter Vivern' has targeted unpatched Zimbra endpoints...

Microsoft increases Bing Chat’s session limit

Since early user feedback revealed flaws in Bing's AI chatbot, Microsoft has progressively increased the communication limit. When the...

How AI is revolutionizing the data center industry

Artificial intelligence (AI) has been a trendy issue in recent years, due to its capacity to produce code...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways