If your business is running Windows Server, you would be wise to check that you’re patched against the Zerologon vulnerability (also known as CVE-2020-1472).
The Zerologon vulnerability, discovered by researchers at Secura, puts domain controllers at risk of hijacking by attackers seeking administrator access.
In a technical paper, Secura’s Tom Tervoort shared details of the vulnerability, which is said to be easy to exploit, and published a tool that administrators could use to test whether their domain controllers were vulnerable.
Perhaps predictably, there are now several proof-of-concept exploits for the Zerologon vulnerability publicly available.
The good news is that in August Microsoft released a fix against the vulnerability as part of its regular patch update.
The bad news is that there’s a good chance some organisations still haven’t applied it, and Microsoft says that hackers are now actively exploiting Zerologon in real-world attacks.
Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have ..