Check The DHCP Settings On Your Microsoft Active Directories

Source: The Register Check The DHCP Settings On Your Microsoft Active Directories

No Detections In The Wild, Yet …

Sysadmins who have left their DHCP settings for Active Directories with default settings, which seems to be about 40% of them, are vulnerable to a rather nasty DHCP DNS spoof attack.  The researchers at Akamai who discovered this flaw were able to leverage it without needing any credentials whatsoever, a rather worrying development.  The report does not contain the technical details on how to leverage the exploit, however it will likely be released soon as Microsoft’s response to Akamai was dismissive.

In theory it leverages the process by which a device that is given an IP address by the DHCP server can then contact the DNS server and update it’s own DNS record using DNS Dynamic Updates.  This happens without supplying credentials, but it could be used to authenticate the machine which could then modify or overwrite other DNS entries inside your Active Directory Integrated DNS.  That can be used to leverage some other known exploits, which previously needed proper authentication to be used.

Check out The Register for more about what we know so far.

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!