Security News > 2021 > January > Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw.
Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.
Domain Controller enforcement mode "Will block vulnerable connections from non-compliant devices," said Aanchal Gupta, VP of engineering with Microsoft in a Thursday post.
"DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."
The enforcement mode "Is a welcome move because it is such a potentially damaging vulnerability that could be used to hijack full Domain Admin privileges - the 'Crown Jewels' of any network providing an attacker with God-mode for the Windows server network," Mark Kedgley, CTO at New Net Technologies, told Threatpost.
Gupta for his part said that organizations can take four steps to avoid the serious flaw: Updating their domain controllers to an update released Aug. 11, 2020, or later; find which devices are making vulnerable connections; addressing those non-compliant devices making the vulnerable connections; and enabling domain controller enforcement.
News URL
https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/
Related news
- Microsoft says Windows 10 21H2 support is ending in June (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft again bothers Chrome users with Bing popup ads in Windows (source)
- Microsoft announces deprecation of 1024-bit RSA keys in Windows (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (source)
- Recent Windows updates break Microsoft Connected Cache delivery (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)