Security News > 2020 > October > Microsoft warns of ongoing attacks using Windows Zerologon flaw
Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol.
Zerologon is a critical flaw that enables attackers to elevate privileges to a domain admin, thus allowing them to take full control over the entire domain, to change any user's password, and to execute any arbitrary command.
Because the initial documentation regarding Zerologon patching was confusing, Microsoft clarified the steps admins need to take to protect devices against attacks using Zerologon exploits on September 29.
Microsoft issued a similar warning in September, urging IT admins at the time to apply the security updates issued as part of the August 2020 Patch Tuesday to secure their networks against attacks leveraging public ZeroLogon exploits.
TA505, a financially-motivated threat group known for distributing the Dridex banking trojan since 2014 and for providing a deployment vector for Clop ransomware in later stages of their attacks, was also detected by Microsoft exploiting the ZeroLogon vulnerability earlier this month.
News URL
Related news
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft launches ad-supported Office apps for Windows users (source)
- Microsoft tests ad-supported Office apps for Windows users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)