Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Proof-of-concept exploit code has been released for a Windows flaw that could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers.
"This attack has a huge impact: It basically allows any attacker on the local network to completely compromise the Windows domain," said researchers with Secura, in a Friday whitepaper.
In a real-world attack, attackers could send a number of Netlogon messages in which various fields are filled with zeroes, allowing them to bypass the protocol's authentication measures and to access and change the domain controller's computer password stored in Active Directory, researchers said.
Of note, in order to exploit this vulnerability, the attacker would need to launch the attack from a machine on the same local-area network as their target - meaning they would already need a foothold inside the targeted network.
If attackers are able to exploit the flaw, they can impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller - enabling further attacks, including the complete takeover of a Windows domain, researchers said.
News URL
https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/