Security News > 2023 > December > Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets
A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.
While the current report doesn't provide technical details or proof-of-concept exploits, Akamai has promised, in the near future, to publish code that implements these attacks called DDSpoof - short for DHCP DNS Spoof.
Organizations can create DNS record using a DHCP feature called DHCP DNS Dynamic Updates.
"Whenever a client is given an IP address by the DHCP server, the latter can contact the DNS server and update the client's DNS record," Akamai's Ori David explained.
DHCP DNS Dynamic Updates does not require any authentication by the DHCP client, and Microsoft DHCP servers enable DHCP DNS Dynamic Updates by default.
In addition to creating non-existent DNS records, unauthenticated attackers can also use the DHCP server to overwrite existing data, including DNS records inside the ADI zone in instances where the DHCP server is installed on a domain controller, which David says is the case in 57 percent of the networks Akamai monitors.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/07/attacks_abuse_microsoft_dhcp/
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)
- Microsoft warns of "Dirty Stream" attack impacting Android apps (source)