Microsoft warns of incoming Windows Zerologon patch enforcement (Security News, January 2021)
Microsoft today warned admins that the updates addressing the Windows Zerologon vulnerability (CVE-2020-1472, a flaw in the Netlogon Remote Protocol) will transition into the enforcement phase with next month's updates, released on February 9, 2021. From that point, domain controllers will reject any Netlogon secure channel connection that does not use secure RPC, regardless of the FullSecureChannelProtection registry setting used during the initial deployment phase.
"DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."
The patch, released as part of the August 2020 Patch Tuesday updates, started the initial deployment phase: it enforces secure Remote Procedure Call communication for machine accounts on Windows devices, for trust accounts, and for all Windows and non-Windows Domain Controllers, while still allowing (and logging) vulnerable connections from non-compliant devices so that admins can find and fix them before enforcement.
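The following PowerShell script is an added example, not code from the article or from Microsoft: it shows how an admin would triage a domain controller ahead of the enforcement phase by reading the FullSecureChannelProtection registry value and enumerating the Netlogon event IDs 5827 through 5831 that the August 2020 update added to the System log. It assumes an elevated session on the DC itself; the regex used to pull the account name out of the event text is an assumption about the message format and falls back to the raw message if it does not match.

```powershell
# Added example (not from the article or Microsoft): pre-enforcement triage of
# Netlogon secure-channel state on a domain controller.
# Assumes: elevated PowerShell session running locally on the DC.

$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$fscp = (Get-ItemProperty -Path $params -Name FullSecureChannelProtection `
            -ErrorAction SilentlyContinue).FullSecureChannelProtection

switch ($fscp) {
    1       { 'FullSecureChannelProtection=1: DC already in enforcement mode.' }
    0       { 'FullSecureChannelProtection=0: vulnerable connections still allowed; the Feb 2021 update overrides this.' }
    default { 'FullSecureChannelProtection not set: default behaviour for the installed update level.' }
}

# NETLOGON event IDs introduced by the August 2020 update (System log).
$meaning = @{
    5827 = 'DENIED  vulnerable connection from machine account'
    5828 = 'DENIED  vulnerable connection from trust account'
    5829 = 'ALLOWED vulnerable connection from machine account (deployment phase only)'
    5830 = 'ALLOWED vulnerable machine-account connection via "Allow vulnerable Netlogon secure channel connections" policy'
    5831 = 'ALLOWED vulnerable trust-account connection via the same policy'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = @(5827, 5828, 5829, 5830, 5831)
} -ErrorAction SilentlyContinue

if (-not $events) {
    'No NETLOGON 5827-5831 events found since the August 2020 update was installed.'
    return
}

# Summary per event ID.
$events | Group-Object Id | Sort-Object Name | ForEach-Object {
    '{0,5}  {1,4} event(s)  {2}' -f $_.Name, $_.Count, $meaning[[int]$_.Name]
}

# Devices that will break once enforcement is on: anything still logging 5829.
# Assumption: the message contains a "Machine SamAccountName:" line; if the
# regex misses, the raw message is shown so nothing is silently dropped.
$willBreak = $events |
    Where-Object Id -eq 5829 |
    ForEach-Object {
        if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') { $Matches[1] }
        else { $_.Message }
    } |
    Sort-Object -Unique

if ($willBreak) {
    ''
    'Non-compliant devices (5829) that need patching or an explicit exception:'
    $willBreak | ForEach-Object { "  $_" }
}

# Devices already excepted via the Group Policy (5830/5831): review whether the
# exception is still justified, since each one keeps that account exploitable.
$excepted = $events | Where-Object { $_.Id -in 5830, 5831 } | Select-Object -ExpandProperty Message -Unique
if ($excepted) {
    ''
    'Accounts explicitly allowed by policy (5830/5831), still vulnerable:'
    $excepted | ForEach-Object { "  $_" }
}
```

Run it on every DC, not just one: the 5829 events are written by whichever DC the non-compliant device happened to authenticate against. Any device listed under 5829 either needs its Netlogon client fixed to use secure RPC or an explicit entry in the "Domain controller: Allow vulnerable Netlogon secure channel connections" policy, and each such exception leaves that account open to the original attack.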
The August 2020 fix initially drew little attention; once Secura published the technical details of the bug in September 2020, researchers released proof-of-concept Zerologon exploits within days, allowing attackers with network access to a domain controller to reset its machine account password and gain domain administrator privileges.
With public exploits available, Microsoft warned that threat actors quickly adopted them and started exploiting Zerologon in attacks.
One month later, Microsoft also added Zerologon exploitation detection to Microsoft Defender for Identity, making it possible for security teams to detect on-premises attacks that attempt to abuse this critical vulnerability.