Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk

The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk

Tenable's Security Response Team examines some of the most common Active Directory misconfigurations targeted by attackers and offers proactive measures to help cyber defenders disrupt attack paths. 

Microsoft's Active Directory is one of the most widely used technologies for the administration of groups and users within an organization's IT networks. It serves as the central management interface for Windows domain networks, and is used for authentication and authorization of all users and machines. This makes Active Directory a prominent and valuable target for threat actors, as attackers are able to use it as a foothold to deploy malware, create new user accounts, add new machines to the network and leverage its functionality for lateral movement. 

Once an attacker has gained a foothold into an organization's Active Directory, they can perform a number of malicious actions, such as creating new administrative users, adding new machines to the domain, deploying ransomware across the network, compromising sensitive systems, stealing sensitive data and more. By compromising just a single asset on the domain, an attacker may be able to elevate privileges and move laterally across a network, targeting sensitive data or devices along the way.

Yet, the administration of Active Directory can be complex and challenging for IT teams, and securing it can be equally complicated for security professionals. Many organizations lack security professionals with Active Directory skills and expertise. 

The challenges of securing Active Directory in the enterprise

Threat actors are well aware of common configuration issues and will look to capitalize on them as soon as they gain entry to your organization. Once an attacker gains control of Active Directory, they effectively have the "keys to the kingdom" which they can use to access any device or system connected to the network. In addition, if Active Directory serves as your Identity Provider (IdP), a compromise of it could impact your single sign-on (SSO) solution, giving attackers even more access to additional accounts which a user might be configured with access to.

Configuration issues and common security issues are the two main Active Directory risks in most organizations. Organizational challenges can also arise. For example, in many organizations, IT administrators manage Active Directory deployments, while their security counterparts are the ones responsible for protecting it. Many organizations are faced with limited IT and security budgets and security practitioners in particular are often expected to be knowledgeable in multiple domains. The result? Expert knowledge on Active Directory — and the many intricacies involved with properly implementing it — can be in short supply. 

Our new whitepaper, Securing Active Directory: The Top 5 Configuration Mistakes Putting Your Organization at Risk, aims to give busy security and IT professionals a place to focus their Active Directory efforts. Tenable's Security Response Team (SRT) analyzed breach notices and consulted with our expert research team to provide insights into the Active Directory misconfigurations we believe are most likely to be exploited in an attack. 

The whitepaper explores the reasons why such misconfigurations can happen in an organization, how they help attackers and what organizations can do to address them.  

A closer look at two vulnerabilities affecting Active Directory

Although vulnerabilities directly impacting Active Directory have not been commonplace, attackers tend to chain vulnerabilities together in an attempt to elevate their privileges and often leverage legitimate accounts and Active Directory access to further pivot and access or attack sensitive systems on a network. The paper provides insights into two prominent vulnerabilities — Zerologon (CVE-2020-1472) and ProxyLogon (CVE-2021-26857 and others) — and how they can impact Active Directory.

Download Securing Active Directory: The Top 5 Configuration Mistakes Putting Your Organization at Risk and you'll learn:

  • How attackers exploit and leverage Active Directory to attack organizations

  • What types of vulnerabilities are used to target Active Directory

  • What you can do to better protect your organization from common Active Directory misconfigurations


Improving cyber hygiene, having regular patching cycles, developing plans to address out-of-band patches and performing regular backups can all help to prepare your organization for the next vulnerability that could impact your Active Directory environment. Administrators and defenders must be ready and stay vigilant, implementing policies to reduce their exposure and protect their core.

Learn more

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.