PatchSiren cyber security CVE debrief
CVE-2021-42278 Microsoft CVE debrief
CVE-2021-42278 is a Microsoft Active Directory Domain Services privilege escalation vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-04-11. Because it is listed in KEV and marked as having known ransomware campaign use, defenders should treat it as a high-priority patching item for Active Directory environments.
- Vendor: Microsoft
- Product: Active Directory
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-04-11
- Original CVE updated: 2022-04-11
- Advisory published: 2022-04-11
- Advisory updated: 2022-04-11
Who should care
Windows domain administrators, Active Directory and identity platform teams, SOC and vulnerability management teams, and any organization that relies on Microsoft Active Directory Domain Services—especially where domain controllers support business-critical systems.
Technical summary
The public record identifies this issue as a privilege escalation vulnerability in Microsoft Active Directory Domain Services. CISA’s KEV entry marks it as actively exploited and notes known ransomware campaign use. The supplied sources do not provide additional technical mechanics, so operational focus should be on prompt vendor-guided remediation and exposure reduction.
Defensive priority
Critical. CISA designated the issue as known exploited and assigned a remediation due date of 2022-05-02 in the KEV catalog, which makes it a top-priority patching and validation item for Microsoft Active Directory environments.
Recommended defensive actions
- Apply Microsoft updates per vendor instructions as soon as possible.
- Prioritize patching domain controllers and other Active Directory Domain Services systems first.
- Confirm the environment is covered by current vulnerability and patch management processes for KEV-listed issues.
- Review identity and administrative access controls around Active Directory to reduce the impact of privilege escalation.
- Validate remediation after patching and track any unpatched or exception-based systems until fully updated.
Evidence notes
This debrief is based only on the supplied source corpus and official links: the CISA KEV source item identifies Microsoft Active Directory Domain Services as the affected product, classifies the vulnerability as known exploited, notes known ransomware campaign use, and directs users to apply updates per vendor instructions. The provided CVE and timeline fields place public cataloging at 2022-04-11, with KEV due date 2022-05-02. No CVSS score was supplied in the corpus.
Official resources
- CVE-2021-42278 CVE record (CVE.org)
- CVE-2021-42278 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply updates per vendor instructions.
- Source item URL (cisa_kev)
CISA added this vulnerability to the Known Exploited Vulnerabilities catalog on 2022-04-11 and marked it as having known ransomware campaign use. Use the KEV date and due date for prioritization context; do not treat generation or publication of a