Zerologon Attacks Against Microsoft DCs Snowball in a Week

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses.
Microsoft announced last week that it had started observing active exploitation in the wild: "We have observed attacks where public exploits have been incorporated into attacker playbooks," the firm tweeted on Wednesday.
A successful exploit allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft.
The initial patch for the vulnerability was issued as part of the computing giant's August 11 Patch Tuesday security updates, which address the security issue in Active Directory domains and trusts, as well as Windows devices.
To fully mitigate the security issue for third-party devices, users will need to not only update their domain controllers, but also enable "Enforcement mode." They should also monitor event logs to find out which devices are making vulnerable connections and address non-compliant devices, according to Microsoft.
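
An added example, not from the article or from Microsoft, of the event-log review described above: it groups devices by how their vulnerable Netlogon connections were handled, so the ones that need fixing before enforcement stand out. It assumes the Netlogon event IDs 5827 to 5831 from Microsoft's CVE-2020-1472 guidance (not listed on this page) and a constructed CSV export whose layout and column names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Netlogon System-log event IDs from Microsoft's CVE-2020-1472 guidance
# (assumption: they are not listed on this page).
NETLOGON_EVENTS = {
    5827: "denied",             # vulnerable connection refused, machine account
    5828: "denied",             # vulnerable connection refused, trust account
    5829: "allowed",            # vulnerable connection still permitted
    5830: "allowed_by_policy",  # permitted by explicit exception, machine account
    5831: "allowed_by_policy",  # permitted by explicit exception, trust account
}

# Constructed sample data. The CSV layout and column names are hypothetical,
# standing in for whatever export your log pipeline produces.
SAMPLE_EXPORT = """\
time,dc,event_id,account
2020-09-28T08:01:12,DC01,5829,NAS01$
2020-09-28T08:03:40,DC01,5829,nas01$
2020-09-28T08:05:02,DC02,5830,LEGACY-APP$
2020-09-28T08:07:55,DC02,5827,PRINTER7$
2020-09-28T08:09:10,DC01,7036,DC01$
2020-09-28T08:11:31,DC01,bad,ODD$
"""

def triage(export_text):
    """Count, per account, how its vulnerable Netlogon connections were handled."""
    seen = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            status = NETLOGON_EVENTS.get(int(row.get("event_id")))
        except (TypeError, ValueError):
            continue  # malformed or missing event ID
        account = (row.get("account") or "").strip().upper()
        if status is None or not account:
            continue  # unrelated event or unusable row
        seen[account][status] += 1
    return {acct: dict(counts) for acct, counts in seen.items()}

def blockers(report):
    """Accounts still making vulnerable connections with no explicit exception."""
    return sorted(acct for acct, counts in report.items() if "allowed" in counts)

if __name__ == "__main__":
    report = triage(SAMPLE_EXPORT)
    for acct in blockers(report):
        print(f"fix or replace before enforcement: {acct} {report[acct]}")
```

Accounts reported as `allowed_by_policy` are not blockers for enforcement, but they remain exposed and are worth tracking until the device is updated or retired.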
News URL
https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/