EXECUTIVE SUMMARY:
A critical vulnerability in Microsoft’s Active Directory Certificate Services (AD CS), CVE-2024-49019, allows attackers to escalate privileges and potentially gain domain admin access by exploiting improperly configured version 1 certificate templates. Dubbed ESC15 or “EKUwu,” the flaw enables attackers with basic enrollment rights to bypass restrictions by manipulating Certificate Signing Requests (CSRs), granting unauthorized privileges like client authentication and code signing. The exploit impacts commonly used templates like WebServer, posing a significant threat to AD CS environments.
Organizations using AD CS must immediately apply the latest security updates and review certificate template configurations to prevent privilege escalation attacks. Proactive auditing and tightening enrollment permissions are crucial to securing enterprise PKI environments.
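As a starting point for the template review recommended above, the following added example (not Microsoft's code and not part of the original advisory) flags templates that are schema version 1 and let the requester supply the subject in the CSR, and raises the priority when low-privilege groups can enroll. The attribute names are the real AD template attributes; the `EnrollPrincipals` field, the group list, and the sample records are assumptions constructed for illustration.

```powershell
# Added audit example: not Microsoft's or the advisory's code.
# EnrollPrincipals is a hypothetical, pre-resolved list of principals holding Enroll rights.
$BroadGroups = 'Authenticated Users', 'Domain Users', 'Domain Computers', 'Everyone'

function Test-TemplateExposure {
    param([Parameter(Mandatory, ValueFromPipeline)] $Template)
    process {
        # Schema version 1 is the template generation the advisory refers to.
        $isV1 = [int]$Template.'msPKI-Template-Schema-Version' -eq 1
        # Bit 0x1 of the name flag: the requester supplies the subject in the CSR.
        $suppliesSubject = ([int]$Template.'msPKI-Certificate-Name-Flag' -band 0x1) -ne 0
        # Low-privilege groups that can enroll widen the exposure.
        $broad = @($Template.EnrollPrincipals | Where-Object { $BroadGroups -contains $_ })

        $priority = 'None'
        if ($isV1 -and $suppliesSubject) {
            $priority = if ($broad.Count -gt 0) { 'High' } else { 'Review' }
        }
        [pscustomobject]@{
            Name                    = $Template.Name
            SchemaV1                = $isV1
            EnrolleeSuppliesSubject = $suppliesSubject
            BroadEnrollment         = $broad -join ', '
            Priority                = $priority
        }
    }
}

# Constructed sample records (not taken from a real directory).
$sample = @(
    [pscustomobject]@{ Name = 'WebServer'; 'msPKI-Template-Schema-Version' = 1
        'msPKI-Certificate-Name-Flag' = 1; EnrollPrincipals = @('Domain Admins', 'Domain Users') }
    [pscustomobject]@{ Name = 'Example-V1-Restricted'; 'msPKI-Template-Schema-Version' = 1
        'msPKI-Certificate-Name-Flag' = 1; EnrollPrincipals = @('Domain Admins') }
    [pscustomobject]@{ Name = 'Example-V2-User'; 'msPKI-Template-Schema-Version' = 2
        'msPKI-Certificate-Name-Flag' = 0; EnrollPrincipals = @('Domain Users') }
)
$sample | Test-TemplateExposure | Where-Object { $_.Priority -ne 'None' } | Format-Table -AutoSize

# Live data (assumes the ActiveDirectory module is installed):
#   $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#           (Get-ADRootDSE).configurationNamingContext
#   Get-ADObject -SearchBase $base -Filter 'objectClass -eq "pKICertificateTemplate"' `
#       -Properties 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag' |
#       Test-TemplateExposure
```

Live `Get-ADObject` results carry no `EnrollPrincipals` field, so they top out at `Review` until the template ACLs are resolved separately.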
RECOMMENDATION:
We strongly recommend that you update Microsoft AD CS to the version below:
Download from here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/active-directory-certificate-services-vulnerability/