Security News > 2020 > September > Zerologon Attacks Against Microsoft DCs Snowball in a Week
A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses.
Microsoft announced last week that it had started observing active exploitation in the wild: "We have observed attacks where public exploits have been incorporated into attacker playbooks," the firm tweeted on Wednesday.
A successful exploit allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft.
The initial patch for the vulnerability was issued as part of the computing giant's August 11 Patch Tuesday security updates, which addresses the security issue in Active Directory domains and trusts, as well as Windows devices.
To fully mitigate the security issue for third-party devices, users will need to not only update their domain controllers, but also enable "Enforcement mode." They should also monitor event logs to find out which devices are making vulnerable connections and address non-compliant devices, according to Microsoft.
News URL
https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 0.0 |