Active Directory Certificate Services Domain Escalation via Vulnerable PKI AD Object Access Controls
Active Directory Certificate Services (ADCS) is Microsoft's enterprise PKI implementation that integrates with Active Directory. Principals can request PKI Certificates based on collections of enrollment policies and predefined certificate settings known as Certificate Templates.
Several AD objects can have a security impact on the entire Enterprise AD CS system. Possibilities include the CA server's AD computer object, the CA server's RPC/DCOM server, or any descendant AD object or container in the container CN=Public Key Services,CN=Services,CN=Configuration,DC=
Compromise of enterprise PKI System, leading to Domain Privilege Escalation.