Security News > 2020 > October > Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Threat actors continue to exploit the Microsoft Zerologon vulnerability, a situation that's been a persistent worry to both the company and the U.S. government over the last few months.
Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.
Microsoft's latest advisory was enough for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to step in and issue a statement of its own Thursday warning organizations about continued exploitation of the bug.
Interest from the feds likely has intensified since Microsoft's warning earlier this month that an Iranian nation-state advanced persistent threat actor that Microsoft calls MERCURY is now actively exploiting Zerologon.
"CISA urges administrators to patch all domain controllers immediately - until every domain controller is updated, the entire infrastructure remains vulnerable, as threat actors can identify and exploit a vulnerable system in minutes," according to the CISA alert.
News URL
https://threatpost.com/microsoft-warns-zerologon-bug/160769/