Rule Library

Sigma Rules

2 rules found for "CVE-2021-42287"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Suspicious Computer Account Name Change CVE-2021-42287

Detects the renaming of an existing computer account to a account name that doesn't contain a $ symbol as seen in attacks against CVE-2021-42287

Windowssecurity

Florian Roth (Nextron Systems)Wed Dec 222021

Emerging Threatmediumtest

Potential CVE-2021-42287 Exploitation Attempt

The attacker creates a computer object using those permissions with a password known to her. After that she clears the attribute ServicePrincipalName on the computer object. Because she created the object (CREATOR OWNER), she gets granted additional permissions and can do many changes to the object.

Windowssystem

François HubautWed Dec 152021