KB5021131 – How To Detect RC4 Accounts

Published on 15 Nov 2022

In the Microsoft article about the November 2022 updates KB5021131 for CVE-2022-37966, Microsoft provides a detection rule:

((msDS-SupportedEncryptionTypes & 0x3F) != 0) && ((msDS-SupportedEncryptionTypes & 0x38) == 0)

This rule is not an expression you can user as-is with Get-ADUser or Get-ADObject.

If you want to identify RC4 accounts (both users and computers objects), you can use the following:

Get-ADObject -Properties msDS-SupportedEncryptionTypes |
    Where-Object -FilterScript {
        (($_."msDS-SupportedEncryptionTypes" -band 0x3f) -ne 0) -and
        (($_."msDS-SupportedEncryptionTypes" -band 0x38) -eq 0)
    }

Clap

Comments

Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France

Featured Posts

Télécharge Road to Santa Cloud 365 Hiver 2023 en PDF

PowerShell Coding Assistant with Best Practices-The AI Advantage

KB5021131 – How To Detect RC4 Accounts

Comments

Bastien Perez

Featured Posts

Download Road to Santa Cloud 365 Winter 2023 PDF

Télécharge Road to Santa Cloud 365 Hiver 2023 en PDF

Télécharge le cahier de vacances AD été 2023 en PDF