Microsoft now forces secure RPC to block Windows Zerologon attacks
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates.
The patch, released during the August 2020 Patch Tuesday, rolled out in two phases. It forces secure Remote Procedure Call (RPC) communication for machine accounts on Windows devices, trust accounts, and all Windows and non-Windows Domain Controllers.
"February 9, 2021 and superseding Windows Updates enable enforcement mode on all supported Windows Domain Controllers and will block vulnerable connections from non-compliant devices," the updated Zerologon advisory reads.
After the public release of Zerologon exploits, Microsoft warned that they were quickly weaponized by threat actors and were being used to exploit devices vulnerable to Zerologon attacks.
Microsoft provides info on the exact steps needed for protecting affected devices against Zerologon attacks.
Microsoft also added support for Zerologon exploitation detection to Microsoft Defender for Identity in November 2020.