Browser limitation detected

Facebook browser may limit features like the Menu. For the best experience, please tap (...) and choose 'Open in Browser'.

ITPro-Tips logo
Advertise
Photo by Andrew Ridley / Unsplash
KB5021131 – How To Detect RC4 Accounts

KB5021131 – How To Detect RC4 Accounts

— 1 min read
Bastien Perez
Bastien Perez

In the Microsoft article about the November 2022 updates KB5021131 for CVE-2022-37966, Microsoft provides a detection rule:

((msDS-SupportedEncryptionTypes & 0x3F) != 0) && ((msDS-SupportedEncryptionTypes & 0x38) == 0)

This rule is not an expression you can user as-is with Get-ADUser or Get-ADObject.

If you want to identify RC4 accounts (both users and computers objects), you can use the following:

Get-ADObject -Properties msDS-SupportedEncryptionTypes |
    Where-Object -FilterScript {
        (($_."msDS-SupportedEncryptionTypes" -band 0x3f) -ne 0) -and
        (($_."msDS-SupportedEncryptionTypes" -band 0x38) -eq 0)
    }

active directory
Share

Comments

data-mapping="pathname" data-strict="0" data-reactions-enabled="0" data-emit-metadata="0" data-input-position="top" data-theme="preferred_color_scheme" data-lang="en" data-loading="lazy" crossorigin="anonymous" async>
banner-Bastien Perez
Bastien Perez avatar

Freelance Microsoft 365 - Active Directory - Modern Workplace

France