
Summary
This detection rule addresses configuration weaknesses in Active Directory Certificate Services (ADCS) that arise when certificate templates are improperly configured. It targets certificate templates that grant risky permissions to the subject or include risky Extended Key Usages (EKU). The rule relies on monitoring Event IDs 4898 and 4899, which signal that a certificate template was loaded or updated in ADCS. If a template flagged with 'CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT' is detected alongside EKUs indicating potential misuse (such as those with Object Identifier values like '1.3.6.1.5.5.7.3.2' for Secure Server Authentication), the rule triggers an alert, so that newly created or modified templates are checked for known risky configurations. The key risk is allowing users to supply their own subject names, which could lead to privilege escalation or unauthorized access to sensitive resources.
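To make the rule's logic concrete, here is an added Python example (not part of this rule or its project) that applies the check described above to constructed sample events. It keeps only Event IDs 4898 and 4899, parses a simplified "attribute = value" rendering of the template content (an assumption; the real event fields are more elaborate), tests bit 0x1 of msPKI-Certificate-Name-Flag for CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, and reports templates whose EKU list contains an authentication-capable OID. The OID 1.3.6.1.5.5.7.3.2 is the one named in the summary; the other three OIDs and the empty-EKU case are additions that extend the same pattern, and the event dicts and template names are constructed for the example.

```python
"""Added example: flag ADCS template load/update events (4898/4899) whose
template lets the enrollee supply the subject AND carries an
authentication-capable EKU. Event shape and template dump format are
constructed for the example, not the exact Windows event schema."""

EVENT_TEMPLATE_LOADED = 4898   # "Certificate Services loaded a template"
EVENT_TEMPLATE_UPDATED = 4899  # "A Certificate Services template was updated"
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # bit in msPKI-Certificate-Name-Flag

# Authentication-capable EKUs. The first is the OID named in the rule summary;
# the others are standard OIDs added here to cover the same abuse pattern.
RISKY_EKUS = {
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.5.2.3.4": "PKINIT Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "2.5.29.37.0": "Any Purpose",
}


def parse_template_content(content):
    """Turn 'attribute = value' lines into a dict keyed by lower-cased name."""
    attrs = {}
    for line in content.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            attrs[key.strip().lower()] = value.strip()
    return attrs


def parse_flags(value):
    """Template dumps may show flag words in decimal or 0x-prefixed hex."""
    value = value.strip()
    return int(value, 16) if value.lower().startswith("0x") else int(value or "0")


def evaluate_event(event):
    """Return a finding dict for a risky template event, else None."""
    if event.get("EventID") not in (EVENT_TEMPLATE_LOADED, EVENT_TEMPLATE_UPDATED):
        return None  # only template load/update events carry template content
    attrs = parse_template_content(event.get("TemplateContent", ""))
    name_flags = parse_flags(attrs.get("mspki-certificate-name-flag", "0"))
    if not name_flags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        return None  # the CA builds the subject from AD; the requester cannot choose it
    ekus = [o.strip() for o in attrs.get("pkiextendedkeyusage", "").split(",") if o.strip()]
    if not ekus:
        # No EKU constraint at all: the issued certificate is usable for any purpose.
        reasons = ["no EKU constraint (certificate usable for any purpose)"]
    else:
        reasons = [f"{oid} ({RISKY_EKUS[oid]})" for oid in ekus if oid in RISKY_EKUS]
    if not reasons:
        return None
    return {"EventID": event["EventID"], "Template": event.get("Template", "?"), "Reasons": reasons}


def scan(events):
    """Run the check over a stream of events and collect the findings."""
    return [f for f in map(evaluate_event, events) if f]


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # enrollee supplies subject, but the only EKU is code signing: not an auth EKU
    {"EventID": 4898, "Template": "CodeSigningSelfNamed",
     "TemplateContent": "msPKI-Certificate-Name-Flag = 0x1\npKIExtendedKeyUsage = 1.3.6.1.5.5.7.3.3"},
    # enrollee supplies subject AND client authentication EKU: the risky combination
    {"EventID": 4899, "Template": "UserAuthCustom",
     "TemplateContent": "msPKI-Certificate-Name-Flag = 1\npKIExtendedKeyUsage = 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.4"},
    # bit 0x1 clear: the CA derives the subject itself, so client auth alone is fine here
    {"EventID": 4898, "Template": "DomainComputerAuth",
     "TemplateContent": "msPKI-Certificate-Name-Flag = 0x10000000\npKIExtendedKeyUsage = 1.3.6.1.5.5.7.3.2"},
    # 4886 is a certificate request event, not a template event: ignored by the rule
    {"EventID": 4886, "Template": "UserAuthCustom",
     "TemplateContent": "msPKI-Certificate-Name-Flag = 1\npKIExtendedKeyUsage = 1.3.6.1.5.5.7.3.2"},
    # enrollee supplies subject and the template has no EKU at all
    {"EventID": 4898, "Template": "LegacyAnyPurpose",
     "TemplateContent": "msPKI-Certificate-Name-Flag = 1\npKIExtendedKeyUsage ="},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Running the block prints two findings, for UserAuthCustom and LegacyAnyPurpose; the code-signing template and the template whose subject is built by the CA are silent, and the 4886 request event is skipped before any parsing happens. Feeding real events into `evaluate_event` requires mapping the actual 4898/4899 message fields onto the `Template` and `TemplateContent` keys assumed here.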
Categories
- Windows
- Infrastructure
- Identity Management
Data Sources
- Windows Registry
- Logon Session
- Active Directory
- Certificate
Created: 2021-11-17