Security News > 2021 > January > Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw.
Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.
Domain Controller enforcement mode "Will block vulnerable connections from non-compliant devices," said Aanchal Gupta, VP of engineering with Microsoft in a Thursday post.
"DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."
The enforcement mode "Is a welcome move because it is such a potentially damaging vulnerability that could be used to hijack full Domain Admin privileges - the 'Crown Jewels' of any network providing an attacker with God-mode for the Windows server network," Mark Kedgley, CTO at New Net Technologies, told Threatpost.
Gupta for his part said that organizations can take four steps to avoid the serious flaw: Updating their domain controllers to an update released Aug. 11, 2020, or later; find which devices are making vulnerable connections; addressing those non-compliant devices making the vulnerable connections; and enabling domain controller enforcement.
News URL
https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
- Microsoft delays Windows Recall again, now by December (source)
- Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft Notepad to get AI-powered rewriting tool on Windows 11 (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)