Security News > 2021 > January > Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
2021-01-15 21:47

Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw.

Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.

Domain Controller enforcement mode "Will block vulnerable connections from non-compliant devices," said Aanchal Gupta, VP of engineering with Microsoft in a Thursday post.

"DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."

The enforcement mode "Is a welcome move because it is such a potentially damaging vulnerability that could be used to hijack full Domain Admin privileges - the 'Crown Jewels' of any network providing an attacker with God-mode for the Windows server network," Mark Kedgley, CTO at New Net Technologies, told Threatpost.

Gupta for his part said that organizations can take four steps to avoid the serious flaw: Updating their domain controllers to an update released Aug. 11, 2020, or later; find which devices are making vulnerable connections; addressing those non-compliant devices making the vulnerable connections; and enabling domain controller enforcement.


News URL

https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399