LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Microsoft Says Hackers Actively Targeting Zerologon Vulnerability

3 years ago 135
BOOK THIS SPACE FOR AD
ARTICLE AD

Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server.

Tracked as CVE-2020-1472, the security flaw is related to the Netlogon remote protocol (MS-NRPC) and it could result in an unauthenticated attacker gaining domain administrator access through leveraging a specially crafted application that runs on a device on the network.

The attacker could abuse the flaw when establishing “a vulnerable Netlogon secure channel connection to a domain controller,” Microsoft said in an advisory. The tech giant released patches to address the flaw on August 2020 Patch Tuesday.

Last week, the United States Department of Homeland Security (DHS) issued an Emergency Directive requiring all federal agencies to apply the available patches for the Zerologon vulnerability within days.

“This vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said.

Also last week, Samba announced patches for the Zerologon flaw, explaining that Samba implements the Netlogon protocol and that it’s vulnerable when used as domain controller only.

Several exploits have been released for the flaw, and Microsoft revealed on Wednesday that it had already observed hackers leveraging some of these exploits to actively target vulnerable systems.

“Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks,” the company said.

The company also released indicators of compromise (IoC) for these exploits and encourages customers to apply the available fixes as soon as possible.

“We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft 365 customers can use threat & vulnerability management data to see patching status,” Microsoft said.

The tech giant also promised to share additional information on these attacks as the situation evolves.

Related: Samba Issues Patches for Zerologon Vulnerability

Related: DHS Orders Federal Agencies to Immediately Patch 'Zerologon' Vulnerability

Related: Actively Exploited Windows Spoofing Flaw Patched Two Years After Disclosure

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

Read Entire Article
  3. Microsoft Says Hackers Actively Targeting Zerologon Vulnerability

Related

Clever Social Engineering Attack Using Captchas

Clever Social Engineering Attack Using Captchas

Ivanti patches exploited admin command execution flaw

Ivanti patches exploited admin command execution flaw

Google Now Syncing Passkeys Across Desktop, Android Devices

Google Now Syncing Passkeys Across Desktop, Android Devices

UN Experts Urge United Nations to Lay Foundations for Global Governance of Artificial Intelligence

UN Experts Urge United Nations to Lay Foundations for Global Governance of Artificial Intelligence

In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted

In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted

Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China

Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China

Trending

1. Kaviyoor Ponnamma
2. Afghanistan vs South Africa
3. Yudhra
4. RITES share price
5. Arkade Developers IPO allotment status
6. Travis Head
7. Ramayana: The Legend of Prince Rama
8. FC Barcelona
9. Barcelona
10. Arsenal

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved