Skip to main content

One of this year’s most severe Windows bugs is now under active exploit

posted onSeptember 24, 2020
by l33tdawg
Arstechnica
Credit: Arstechnica

L33tdawg: Here's video of Tom Tervoort's presentation from #HITBLockdown about this vuln and his presentation sildes are here (PDF).

One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now.

CVE-2020-1472, as the vulnerability is tracked, allows hackers to instantly take control of the Active Directory, a Windows server resource that acts as an all-powerful gatekeeper for all machines connected to a network. Researchers have dubbed the vulnerability Zerologon, because it allows attackers with only minimal access to a vulnerable network to login to the Active Directory by sending a string of zeros in messages that use the Netlogon protocol.

Zerologon carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Despite the high rating, the escalation-of-privileges vulnerability received scant, if any, attention when Microsoft patched it in August, and Microsoft deemed the chances of actual exploitation “less likely.” The security world finally took notice last week with the release of several proof-of-concept exploits and a detailed writeup, which demonstrated severity of the vulnerability and the relative ease in exploiting it.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th