Security News > 2021 > February > Microsoft now forces secure RPC to block Windows Zerologon attacks

Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates.
The patch released during the August 2020 Patch Tuesday was rolled out in two phases. It forces secure Remote Procedure Call (RPC) communication for machine accounts on Windows devices, for trust accounts, and for all Windows and non-Windows Domain Controllers.
"February 9, 2021 and superseding Windows Updates enable enforcement mode on all supported Windows Domain Controllers and will block vulnerable connections from non-compliant devices," the updated Zerologon advisory reads.
After Zerologon exploits were publicly released, Microsoft warned that threat actors had quickly weaponized them and were using them against vulnerable devices.
Microsoft provides info on the exact steps needed for protecting affected devices against Zerologon attacks.
Microsoft also added support for Zerologon exploitation detection to Microsoft Defender for Identity in November 2020.