#Windows Active Directory

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**How could an attacker exploit this vulnerability?** An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege.

**What is the scope of this security update?** This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary under certain conditions.

*Where can I find more information about Verification of uniqueness for user principal name, service principal name, or the service principal name alias?* See Verification of uniqueness for user principal name, service principal name, and the service principal name alias.

*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.

*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.

*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.