Security News > 2021 > January > Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw.
Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.
Domain Controller enforcement mode "Will block vulnerable connections from non-compliant devices," said Aanchal Gupta, VP of engineering with Microsoft in a Thursday post.
"DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."
The enforcement mode "Is a welcome move because it is such a potentially damaging vulnerability that could be used to hijack full Domain Admin privileges - the 'Crown Jewels' of any network providing an attacker with God-mode for the Windows server network," Mark Kedgley, CTO at New Net Technologies, told Threatpost.
Gupta for his part said that organizations can take four steps to avoid the serious flaw: Updating their domain controllers to an update released Aug. 11, 2020, or later; find which devices are making vulnerable connections; addressing those non-compliant devices making the vulnerable connections; and enabling domain controller enforcement.
News URL
https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/
Related news
- Microsoft may have revealed Windows 11 24H2 is coming this month (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- Microsoft: Windows Recall now can be removed, is more secure (source)
- Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)