Decrypt LOL

Zero-Day Vulnerability Identified in Active Directory Certificate Services

Critical zero-day vulnerability discovered in Active Directory Certificate Services.

Security researchers from TrustedSec have identified a significant zero-day vulnerability, CVE-2024-49019, in Active Directory Certificate Services (AD CS) that allows attackers with enrollment rights to escalate privileges by manipulating version 1 certificate templates. The flaw has a CVSS score of 7.8 and was addressed in Microsoft’s November Patch Tuesday, but its potential for exploitation remains concerning. The vulnerability enables unauthorized requests for client authentication and code-signing certificates, which puts domain administrator privileges at risk. To mitigate this risk, particularly in environments that use version 1 templates, TrustedSec recommends restricting enrollment permissions, removing unused templates, and enhancing template security.
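The template review recommended above can be scripted against an exported template inventory. The following is an added example, not code from TrustedSec or Microsoft: the record layout, template names and priority ranking are assumptions, and the "subject supplied in request" check follows Microsoft's published guidance for this CVE rather than the summary above.

```python
# Added audit sketch: triage schema version 1 templates from an exported inventory.
# Record layout and template names are hypothetical; SAMPLE is constructed data.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1  # bit in msPKI-Certificate-Name-Flag
BROAD_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}
BROAD_RIDS = {"513": "Domain Users", "515": "Domain Computers"}

def broad_enrollers(enroll_sids):
    """Names of broad groups among the SIDs holding Enroll on a template."""
    names = []
    for sid in enroll_sids:
        rid = sid.rsplit("-", 1)[-1]
        if sid in BROAD_SIDS:
            names.append(BROAD_SIDS[sid])
        elif sid.startswith("S-1-5-21-") and rid in BROAD_RIDS:
            names.append(BROAD_RIDS[rid])
    return names

def audit(templates):
    """Return (name, priority, reasons) for every version 1 template."""
    findings = []
    for t in templates:
        if int(t["schema_version"]) != 1:  # msPKI-Template-Schema-Version
            continue  # the advice above targets version 1 templates
        reasons = []
        supplies = bool(t["name_flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)
        broad = broad_enrollers(t["enroll_sids"])
        if supplies:
            reasons.append("subject supplied in request")
        if broad:
            reasons.append("Enroll granted to " + ", ".join(broad))
        if not t["published"]:
            reasons.append("not published on a CA: candidate for removal")
        # Priority ranking is this example's own triage rule, not a vendor scale.
        if t["published"] and supplies and broad:
            priority = "high"
        elif t["published"] and supplies:
            priority = "medium"
        else:
            priority = "low"
        findings.append((t["name"], priority, reasons))
    return findings

SAMPLE = [  # constructed records; SIDs use a made-up domain identifier
    {"name": "LegacyWeb", "schema_version": 1, "name_flag": 1, "published": True, "enroll_sids": ["S-1-5-11"]},
    {"name": "LegacyVPN", "schema_version": 1, "name_flag": 1, "published": True, "enroll_sids": ["S-1-5-21-1111-2222-3333-1105"]},
    {"name": "OldSmartcard", "schema_version": 1, "name_flag": 0, "published": False, "enroll_sids": ["S-1-5-21-1111-2222-3333-513"]},
    {"name": "CorpUserV2", "schema_version": 2, "name_flag": 1, "published": True, "enroll_sids": ["S-1-5-11"]},
]

if __name__ == "__main__":
    for name, priority, reasons in audit(SAMPLE):
        print(f"{priority:6} {name}: {'; '.join(reasons) or 'no findings'}")
```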