One of this year’s most severe Windows bugs is now under active exploit
L33tdawg: Here's video of Tom Tervoort's presentation from #HITBLockdown about this vuln and his presentation sildes are here (PDF).
One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now.
CVE-2020-1472, as the vulnerability is tracked, allows hackers to instantly take control of the Active Directory, a Windows server resource that acts as an all-powerful gatekeeper for all machines connected to a network. Researchers have dubbed the vulnerability Zerologon, because it allows attackers with only minimal access to a vulnerable network to login to the Active Directory by sending a string of zeros in messages that use the Netlogon protocol.
Zerologon carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Despite the high rating, the escalation-of-privileges vulnerability received scant, if any, attention when Microsoft patched it in August, and Microsoft deemed the chances of actual exploitation “less likely.” The security world finally took notice last week with the release of several proof-of-concept exploits and a detailed writeup, which demonstrated severity of the vulnerability and the relative ease in exploiting it.