Microsoft warns of ongoing attacks using Windows Zerologon flaw

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol.
Zerologon is a critical flaw that lets attackers elevate privileges to domain admin, giving them full control over the entire domain, including the ability to change any user's password and to execute arbitrary commands.
Because the initial documentation on Zerologon patching was confusing, Microsoft clarified on September 29 the steps admins need to take to protect devices against attacks using Zerologon exploits.
Microsoft issued a similar warning in September, urging IT admins at the time to apply the security updates issued as part of the August 2020 Patch Tuesday to secure their networks against attacks leveraging public ZeroLogon exploits.
TA505, a financially-motivated threat group known for distributing the Dridex banking trojan since 2014 and for providing a deployment vector for Clop ransomware in later stages of their attacks, was also detected by Microsoft exploiting the ZeroLogon vulnerability earlier this month.