6 Things to Know About the Microsoft 'Zerologon' Flaw

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.

Concerns over a critical vulnerability that Microsoft disclosed in its Windows Netlogon Remote Protocol (MS-NRPC) in August were considerably heightened this week following reports of attackers actively targeting the flaw.

On Thursday, Microsoft, via a series of tweets, urged organizations to immediately apply a patch it had issued for the bug (CVE-2020-1472), which many have begun referring to as the Zerologon vulnerability.

"We have observed attacks where public exploits have been incorporated into attacker playbooks," the company warned. "We strongly recommend customers to immediately apply security updates for CVE-2020-1472."

The Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) heightened the sense of urgency with its own alert urging IT administrators to patch all domain controllers immediately. The agency released a patch validation script that it said organizations could quickly use to detect Microsoft domain controllers that still needed to be patched against the flaw.

"Until every domain controller is updated, the entire infrastructure remains vulnerable," the CISA advisory said.

CISA's alert Thursday followed another one from the DHS on Monday directing all federal agencies to patch CVE-2020-1472 no later than end of day Sept. 21.

Here's what you need to know about the vulnerability and why you need to address it immed ..