Security News > 2020 > October > Microsoft Publishes Guide to Securing Systems Vulnerable to Zerologon Attacks

Microsoft has published a support article to provide guidance on what organizations need to do to ensure that they are not exposed to attacks targeting the Zerologon vulnerability.

Addressed on August 2020 Patch Tuesday, the flaw was identified in the Microsoft Windows Netlogon Remote Protocol and can be abused by remote attackers to compromise Active Directory domain controllers and gain administrator access.

In a guide aimed at administrators looking to keep their organization's environment secure, Microsoft explains that patching for the bug is being performed in two stages: an initial deployment stage, starting with the August 11 release of patches, and an enforcement phase that will start on February 9, 2021.

To mitigate the vulnerability, Microsoft says, admins should apply the August update on all domain controllers and read-only domain controllers, monitor log events to identify any devices that might still make vulnerable connections, and address these non-compliant devices, and then enable enforcement mode to address the flaw.

"The February 9, 2021 release marks the transition into the enforcement phase. The DCs will now be in enforcement mode regardless of the enforcement mode registry key. This requires all Windows and non-Windows devices to use secure RPC with Netlogon secure channel or explicitly allow the account by adding an exception for the non-compliant device," Microsoft notes.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/PJH6uXjaFcI/microsoft-publishes-guide-securing-systems-vulnerable-zerologon-attacks