Akamai researchers have discovered a series of attacks against Active Directory domains that use Microsoft DHCP (Dynamic Host Configuration Protocol) servers.
These attacks, which exploit the default DHCP server configuration, could allow attackers to manipulate sensitive DNS records, with serious consequences such as stolen credentials or compromise of the entire Active Directory domain.
The scope of these attacks is notable because Microsoft DHCP servers are extremely widespread, operating in as many as 40 percent of the networks monitored by Akamai. Although Akamai reported the findings to Microsoft, no fix is currently planned.
In an effort to address this threat, Akamai has compiled a detailed blog post providing system administrators and blue teams with best practices for securely configuring the Microsoft DHCP server to mitigate such attacks.
Additionally, in exploring the dangerous ability of attackers to spoof DNS records, Akamai highlights the serious consequences of these actions, ranging from the exposure of sensitive data to the possibility of remote code execution.
Akamai researchers examined the inner workings of the Microsoft DHCP server and its interaction with DNS and Active Directory, providing guidance on how to effectively secure these interfaces. Akamai will continue to monitor these and other threats and will provide additional information as it becomes available. Real-time updates on further research are available on Akamai’s Twitter channel.