Zerologon Patches Roll Out Beyond Microsoft (Security News, September 2020)

The patches roll out as Microsoft announced that it is tracking active exploitation in the wild.
Exploiting the bug allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft.
Microsoft did issue a patch for the flaw in August, during its regularly scheduled Patch Tuesday updates.
The micropatch is logically identical to Microsoft's fix, he explained in a recent blog post: "We injected it in function NetrServerAuthenticate3 in roughly the same place where Microsoft added the call to NlIsChallengeCredentialPairVulnerable, but since the latter doesn't exist in old versions of netlogon.dll, we had to implement its logic in our patch."
Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon.
News URL
https://threatpost.com/zerologon-patches-beyond-microsoft/159513/