Security News > 2021 > February > Microsoft now forces secure RPC to block Windows Zerologon attacks
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates.
The patch released during the August 2020 Patch Tuesday rolled out in two phases and it forces secure Remote Procedure Call communication for machine accounts on Windows devices, trust accounts, as well as all Windows and non-Windows Domain Controllers.
"February 9, 2021 and superseding Windows Updates enable enforcement mode on all supported Windows Domain Controllers and will block vulnerable connections from non-compliant devices," the updated Zerologon advisory reads.
After the public release of Zerologon exploits, Microsoft warned that they were quickly weaponized by threat actors and were being used to exploit devices vulnerable to ZeroLogon attacks.
Microsoft provides info on the exact steps needed for protecting affected devices against Zerologon attacks.
Microsoft has also added support for Zerologon exploitation detection to Microsoft Defender for Identity in November 2020.
News URL
Related news
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)