CISA Warns of Hackers Exploiting Zerologon Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the Microsoft Windows Netlogon Remote Protocol.
The vulnerability allows an unauthenticated attacker connected to a domain controller using Netlogon to gain domain administrator access.
Samba issued patches for the bug too. Last week Microsoft revealed that it was seeing the first attempts to target the Zerologon flaw, and CISA was quick to issue an alert on such attacks as well.
"The Cybersecurity and Infrastructure Security Agency is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft's Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access," the agency said.
CISA again underlined the need to apply the available patches, as that would prevent successful exploitation, and announced the release of a patch validation script that can help organizations identify unpatched Microsoft domain controllers.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 5.5 |