Microsoft warns of ongoing attacks using Windows Zerologon flaw

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the Zerologon privilege escalation vulnerability in the Netlogon Remote Protocol.
Zerologon is a critical flaw that enables attackers to elevate privileges to domain admin, allowing them to take full control of the entire domain, change any user's password, and execute arbitrary commands.
Because the initial documentation regarding Zerologon patching was confusing, Microsoft clarified the steps admins need to take to protect devices against attacks using Zerologon exploits on September 29.
Microsoft issued a similar warning in September, urging IT admins at the time to apply the security updates issued as part of the August 2020 Patch Tuesday to secure their networks against attacks leveraging public Zerologon exploits.
TA505, a financially motivated threat group known for distributing the Dridex banking trojan since 2014 and for providing a deployment vector for Clop ransomware in later stages of their attacks, was also detected by Microsoft exploiting the Zerologon vulnerability earlier this month.