Microsoft Shares Guidelines To Help Admins Fight KrbRelayUp Attacks

Share post:

Microsoft has developed a common guide to help administrators effectively protect their Windows enterprise environment from KrbRelayUp attacks.

Administrators are advised to secure communication between LDAP clients and Active Directory (AD) domain controllers by forcing the signature of the LDAP server and enabling Extended Protection for Authentication (EPA).

The Microsoft 365 Defender Research also provides additional details about how the KrbRelayUp attack works and more information about how to improve device configuration.

The KrbRelayUp attack involves exploiting the KrbRelayUp tool, developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker and ADCSPwn privilege escalation tools.

Exploiting the KrbRelayUp tool allows attackers to gain SYSTEM privileges on Windows systems with default configurations.

According to Microsoft, the privilege escalation tool does not work against organizations with cloud-based Azure Active Directory environments. However, KrbRelayUp can help compromise Azure virtual machines in hybrid AD environments where domain controllers are synchronized with Azure AD.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways