Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover.

In a Monday alert, Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021–42287 and CVE-2021–42278, both of which were fixed in its November 2021 Patch Tuesday release.