
Thursday, October 01, 2020

Microsoft Zerologon Threat

Have now seen this reported from several directions. Actively being exploited. Microsoft admits it. Unclear though what is being done about it. I seem to be getting many MS system updates. Is this, like 'ransomware', a fundamental, serious 'breakthrough' for breaking computing systems?

One of This Year's Most Severe Windows Bugs Is Now Under Active Exploit
By Ars Technica

Microsoft is warning that CVE-2020-1472, a high-impact vulnerability that allows hackers to instantly take control of Windows' Active Directory and was patched this year, is being actively exploited by malicious hackers.

Dubbed Zerologon, the vulnerability gives attackers with low-level privileges to a vulnerable network the ability to send a string of zeros in messages that use the Netlogon protocol to log in to the Active Directory and almost instantly gain control. It also may be possible to exploit Zerologon directly from the Internet with no previous access. Said Microsoft representatives, "We have observed attacks where public exploits have been incorporated into attacker playbooks."

The U.S. Department of Homeland Security's cybersecurity arm last week gave agencies until Sept. 28 to apply the patch or remove domain controllers from the Internet.

From Ars Technica
