Warning: Attackers Exploiting Windows Server Vulnerability

Warning: Attackers Exploiting Windows Server Vulnerability

Forensics , Governance & Risk Management , IT Risk Management

Attacks Targeting 'Zerologon' Vulnerability Spotted in the Wild Akshaya Asokan (asokan_akshaya) • September 25, 2020    

Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.


See Also: Why Zero Trust is Critical for Scaling Through the Remote Workforce


CISA had previously ordered federal agencies to apply the patch by Tuesday before issuing its second alert on Thursday that the vulnerability, which is tracked as CVE-2020-1472 is now being exploited (see: CISA Pushes Government Agencies to Patch 'Zerologon' Flaw).


The Zerologon vulnerability was given a CVSS score of 10 - the most critical.


Microsoft Sounds Alarm


On Wednesday, the Microsoft Security Intelligence team issued its alert warning that attackers were exploiting the Zerologon vulnerability. "We have observed attacks where public exploits have been incorporated into attacker playbooks," Microsoft warns.



Microsoft 365 customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The thre ..