CPE

Cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::*::x64:

2 briefs RSS

Potential Privileged Escalation via SamAccountName Spoofing (CVE-2021-42278)

This rule detects potential privilege escalation attempts by exploiting CVE-2021-42278, which involves spoofing the samAccountName attribute to impersonate a domain controller and elevate privileges from a standard domain user to a domain administrator by identifying suspicious computer account name rename events where a machine account name is renamed to a user-like account name.

Active Directory privilege-escalation windows active-directory cve-2021-42278

2r 1t 1c 1h ago

high advisory

Potential Privilege Escalation via InstallerFileTakeOver (CVE-2021-41379)

2 rules 1 TTP 1 CVE

This rule detects potential exploitation of the InstallerTakeOver vulnerability (CVE-2021-41379), where successful exploitation allows an unprivileged user to escalate privileges to SYSTEM.

Edge privilege-escalation cve-2021-41379 windows

2r 1t 1c 1h ago

Cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Potential Privileged Escalation via SamAccountName Spoofing (CVE-2021-42278)

Potential Privilege Escalation via InstallerFileTakeOver (CVE-2021-41379)

Cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::*::x64: