Security News > 2020 > October > Microsoft warns of ongoing attacks using Windows Zerologon flaw
Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol.
Zerologon is a critical flaw that enables attackers to elevate privileges to a domain admin, thus allowing them to take full control over the entire domain, to change any user's password, and to execute any arbitrary command.
Because the initial documentation regarding Zerologon patching was confusing, Microsoft clarified the steps admins need to take to protect devices against attacks using Zerologon exploits on September 29.
Microsoft issued a similar warning in September, urging IT admins at the time to apply the security updates issued as part of the August 2020 Patch Tuesday to secure their networks against attacks leveraging public ZeroLogon exploits.
TA505, a financially-motivated threat group known for distributing the Dridex banking trojan since 2014 and for providing a deployment vector for Clop ransomware in later stages of their attacks, was also detected by Microsoft exploiting the ZeroLogon vulnerability earlier this month.
News URL
Related news
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)