Tenable Blog

Attackers can get into your Active Directory by leveraging the SDProp process and gaining privileges through the adminSDHolder object. Here's how to stop them.

Attackers use every possible trick and process they can to get into your Active Directory environment by moving laterally and gaining privileges. One such method is to leverage the Security Descriptor Propagation (SDProp) process and gain privileges through the adminSDHolder object.

Celebrating the elite defenders who are helping organizations around the world conquer their cyber risk. 

Cybersecurity is always a team effort. Day in, day out, defenders rely on an ecosystem of teams, partners and vendors to address the evolving threat landscape and deliver on a holistic security mission. The recent global shift to remote work, along with the continued adoption of cloud, IoT, mobile and DevOps technologies, has only underscored this need for collaboration. 

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release.

Update May 3, 2021: The Analysis and Solution sections have been updated to reflect the availability of a patch to address CVE-2021-22893 as well as three other vulnerabilities addressed as part of the same patch.

The simplicity of the zero-trust concept belies the complexity of implementing it in most large organizations. Here are four factors to consider before you begin the journey.

Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange.