Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
2020-10-30 11:41

Threat actors continue to exploit the Microsoft Zerologon vulnerability, a situation that has been a persistent worry to both the company and the U.S. government over the last few months.

Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.

Microsoft's latest advisory was enough for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to step in and issue a statement of its own Thursday, warning organizations about continued exploitation of the bug.

Interest from the feds likely has intensified since Microsoft's warning earlier this month that an Iranian nation-state advanced persistent threat actor that Microsoft calls MERCURY is now actively exploiting Zerologon.

"CISA urges administrators to patch all domain controllers immediately - until every domain controller is updated, the entire infrastructure remains vulnerable, as threat actors can identify and exploit a vulnerable system in minutes," according to the CISA alert.


News URL

https://threatpost.com/microsoft-warns-zerologon-bug/160769/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products | 5.5 |

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 663 794 4391 4085 3666 12936