Security News > 2020 > September > Microsoft Says Hackers Actively Targeting Zerologon Vulnerability
Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server.
Last week, the United States Department of Homeland Security issued an Emergency Directive requiring all federal agencies to apply the available patches for the Zerologon vulnerability within days.
Several exploits have been released for the flaw, and Microsoft revealed on Wednesday that it had already observed hackers leveraging some of these exploits to actively target vulnerable systems.
"Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks," the company said.
"We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft 365 customers can use threat & vulnerability management data to see patching status," Microsoft said.
News URL
Related news
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 5.5 |