Security News > 2020 > September > Microsoft Says Hackers Actively Targeting Zerologon Vulnerability
Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server.
Last week, the United States Department of Homeland Security issued an Emergency Directive requiring all federal agencies to apply the available patches for the Zerologon vulnerability within days.
Several exploits have been released for the flaw, and Microsoft revealed on Wednesday that it had already observed hackers leveraging some of these exploits to actively target vulnerable systems.
"Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks," the company said.
"We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft 365 customers can use threat & vulnerability management data to see patching status," Microsoft said.
News URL
Related news
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)