CATEGORIES
home News

Vicious Zerologon Windows Security Flaw Is Now Actively Exploited By Hackers

by Paul LillyFriday, September 25, 2020, 10:30 AM EDT
Hacked
There is a very good reason why the Department of Homeland Security recently issued an emergency directive to federal agencies to patch their Windows Servers against Zerologon. Just five days after the directive, Microsoft confirmed on Twitter that Zerologon is actively being exploited by hackers.

"Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks," Microsoft warned.

Zerologon is serious threat affecting Windows Server systems that is rated a 10 out of 10 on the Common Vulnerability Scoring System (CVSS). Left unpatched, an attacker could take over an organization's domain controller and execute privileged escalations. It does this by leveraging how the Netlogon Remote Protocol.

This protocol is supposed to authenticate machines and users, as well as update passwords within a domain. However, an attacker could thwart its good intentions through dirty deeds, by setting up a TCP connection to the domain controller, to spoof a client.

The spoofing consists of three main parts—tricking the domain controller into authenticating a session and brute forcing session keys (domain controllers do not terminate after multiple invalid login attempts), disabling session key encryption, and then finally authenticating a bogus session with an amalgamation of the data that was sent earlier.

While serious, the good news is that a patch exists—Microsoft released it last month. However, it is common for businesses and other organizations to put off updating systems temporarily, in part to test compatibility and avoid potential unforeseen issues. In this case, they should make it a priority to get their ducks in a row, and apply the patch (CVE-2020-1472) ASAP.

In the meantime, Microsoft said it will continue to "monitor developments and update the threat analytics report with the latest info."
Tags:  Microsoft, security, Windows Server, (nasdaq:msft), zerologon
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment