PatchSiren cyber security CVE debrief
CVE-2021-42287 Microsoft CVE debrief
CVE-2021-42287 is a Microsoft Active Directory Domain Services privilege escalation vulnerability. In the supplied official records, CISA added it to the Known Exploited Vulnerabilities catalog on 2022-04-11, set a remediation due date of 2022-05-02, and marked known ransomware campaign use as Known. The practical takeaway is straightforward: treat this as a high-priority Active Directory patching issue and apply Microsoft updates per vendor instructions.
- Vendor: Microsoft
- Product: Active Directory
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-04-11
- Original CVE updated: 2022-04-11
- Advisory published: 2022-04-11
- Advisory updated: 2022-04-11
Who should care
Active Directory and domain controller administrators, identity and directory service teams, SOC/incident response staff, patch management owners, and any organization running Microsoft Active Directory Domain Services.
Technical summary
The official description identifies CVE-2021-42287 as a Microsoft Active Directory Domain Services privilege escalation vulnerability. The supplied corpus does not provide deeper exploit mechanics, so the safest evidence-based summary is that the flaw affects AD DS, can be used for privilege escalation, and is considered known-exploited by CISA. Because Active Directory is a core identity service, remediation should be prioritized across all affected environments.
Defensive priority
High — CISA lists this CVE in KEV with known exploitation and known ransomware campaign use, so patching and verification should be treated as urgent.
Recommended defensive actions
- Apply Microsoft updates per vendor instructions.
- Verify which Active Directory Domain Services systems and domain controllers are affected.
- Prioritize remediation in environments exposed to untrusted users, branch offices, or high-value identity infrastructure.
- Confirm patch status using the CISA KEV entry and Microsoft security guidance.
- Investigate for anomalous Active Directory privilege changes or unexpected authentication and account-management activity if exploitation is suspected.
Evidence notes
The official CVE and NVD records identify the issue as a Microsoft Active Directory Domain Services privilege escalation vulnerability. CISA added the vulnerability to KEV on 2022-04-11, lists the due date as 2022-05-02, and states that the required action is to apply updates per vendor instructions. The KEV metadata also marks known ransomware campaign use as Known. The supplied corpus does not include CVSS or vendor exploit details, so this debrief stays limited to the official metadata and remediation guidance.
Official resources
- CVE-2021-42287 CVE record: CVE.org
- CVE-2021-42287 NVD detail: NVD
- CISA Known Exploited Vulnerabilities catalog: CISA - Apply updates per vendor instructions.
- Source item URL: cisa_kev
CISA added CVE-2021-42287 to the Known Exploited Vulnerabilities catalog on 2022-04-11 and listed known ransomware campaign use as Known, with remediation due by 2022-05-02.