Zerologon – hacking Windows servers with a bunch of zeros

As you can probably tell from the name, it involves Windows - everyone else talks about logging in, but on Windows you've always very definitely logged on - and it is an authentication bypass, because it lets you get away with using a zero-length password.
On a Windows network, the secret component is the domain password of the computer you're connecting from.
A buffer of 516 bytes that specifies the new password, formatted as bytes of random data, followed by N bytes specifying the password, followed by the password length N expressed as a 4-byte number.
Of course, the 516 all-zero bytes that the researchers now needed to supply in the encrypted password buffer forced them to specify a password length of zero, which you might think would be disallowed by the server.
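The buffer layout described above, as an added example (not code from the article or from Windows itself): a parser for the decrypted 516-byte buffer that shows why an all-zero buffer decodes to a zero-length password, and how a strict parser refuses it. The function names and the little-endian byte order of the length field are assumptions of this example.

```python
import os
import struct

BUFFER_SIZE = 516                    # total size stated in the article
LENGTH_FIELD_SIZE = 4                # trailing 4-byte password length N
MAX_PASSWORD_BYTES = BUFFER_SIZE - LENGTH_FIELD_SIZE


class PasswordBufferError(ValueError):
    """Raised when a buffer does not match the expected layout."""


def build_password_buffer(password: bytes) -> bytes:
    """Random padding, then the N password bytes, then N as a 4-byte number."""
    n = len(password)
    if not 0 < n <= MAX_PASSWORD_BYTES:
        raise PasswordBufferError("password must be 1..%d bytes" % MAX_PASSWORD_BYTES)
    padding = os.urandom(MAX_PASSWORD_BYTES - n)
    # Assumption: the length field is little-endian.
    return padding + password + struct.pack("<I", n)


def parse_password_buffer(buf: bytes, allow_empty: bool = False) -> bytes:
    """Return the password bytes carried in a decrypted 516-byte buffer.

    allow_empty=True models a lenient server that accepts N == 0;
    the default models a strict server that rejects it.
    """
    if len(buf) != BUFFER_SIZE:
        raise PasswordBufferError("buffer must be exactly %d bytes" % BUFFER_SIZE)
    (n,) = struct.unpack_from("<I", buf, MAX_PASSWORD_BYTES)
    if n > MAX_PASSWORD_BYTES:
        raise PasswordBufferError("length field exceeds buffer")
    if n == 0 and not allow_empty:
        raise PasswordBufferError("zero-length password rejected")
    # The password occupies the N bytes immediately before the length field.
    return buf[MAX_PASSWORD_BYTES - n:MAX_PASSWORD_BYTES]


if __name__ == "__main__":
    sample = build_password_buffer(b"constructed-sample-password")
    print(parse_password_buffer(sample))
    all_zero = bytes(BUFFER_SIZE)    # constructed: 516 zero bytes
    print(repr(parse_password_buffer(all_zero, allow_empty=True)))
```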
Happily - or perhaps slightly less unhappily - the password change that they were able to make didn't reset the server's actual login password, so the researchers couldn't simply log in directly and take over the server via a conventional Windows desktop.
News URL
https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/