Security News > 2020 > September > Zerologon Attacks Against Microsoft DCs Snowball in a Week

Zerologon Attacks Against Microsoft DCs Snowball in a Week
2020-09-29 18:13

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses.

Microsoft announced last week that it had started observing active exploitation in the wild: "We have observed attacks where public exploits have been incorporated into attacker playbooks," the firm tweeted on Wednesday.

A successful exploit allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft.

The initial patch for the vulnerability was issued as part of the computing giant's August 11 Patch Tuesday security updates, which addresses the security issue in Active Directory domains and trusts, as well as Windows devices.

To fully mitigate the security issue for third-party devices, users will need to not only update their domain controllers, but also enable "Enforcement mode." They should also monitor event logs to find out which devices are making vulnerable connections and address non-compliant devices, according to Microsoft.


News URL

https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-1472 Use of Insufficiently Random Values vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774