
Microsoft DHCP could be leveraged for Active Directory DNS spoofing


SiliconAngle reports that threat actors could exploit the DNS Dynamic Updates functionality of Microsoft's Dynamic Host Configuration Protocol (DHCP) to spoof Active Directory DNS records without additional user authentication. Akamai researchers found that 40% of the networks Akamai monitors, including those in major corporate data centers, use Microsoft DHCP services and are vulnerable to the attacks, which could be conducted even from outside the LAN. "The impact of the attacks that we highlighted can be very significant: the ability to overwrite DNS records without any authentication enables attackers to gain a machine-in-the-middle position on hosts in the domain. In most cases, the ability to intercept communication destined for the DHCP server could be abused to intercept credentials and relay them or capture sensitive traffic of other services that might be installed on the server. This could easily expose sensitive information and could allow attackers to breach AD domains and escalate privileges," said Akamai security researcher Ori David.
