CISA Warns of Hackers Exploiting Zerologon Vulnerability (September 2020)

The U.S. Cybersecurity and Infrastructure Security Agency has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the Microsoft Windows Netlogon Remote Protocol.
The vulnerability allows an unauthenticated attacker connected to a domain controller using Netlogon to gain domain administrator access.
Samba also issued patches for the bug. Last week, Microsoft revealed that it was seeing the first attempts to target the Zerologon flaw, and CISA was quick to issue its own alert on such attacks.
"The Cybersecurity and Infrastructure Security Agency is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft's Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access," the agency said.
CISA again underlined the need to apply the available patches, as that would prevent successful exploitation, and announced the release of a patch validation script that can help organizations identify unpatched Microsoft domain controllers.