Security Expert Re: Microsoft Warns Again About Critical Zerologon Vulnerability

Microsoft issued yet another warning that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). On Windows Server devices where the vulnerability was not patched, attackers can spoof a domain controller account to steal domain credentials and take over the entire domain following successful exploitation.

Adam Laub, CMO
InfoSec Expert
November 2, 2020 10:59 am

The continued exploitation of a vulnerability allowing attackers easy and unfettered access to the whole of an organization’s digital resources should come as no surprise. Threat actors will attempt to discover and exploit this vulnerability for as long as it continues to work.

However, while sustained vulnerability doesn’t necessarily mean negligence on behalf of organizations that have fallen victim, the most likely excuse as to why they have fallen victim is because they have failed to patch. Because non-Windows or homegrown applications and resources may not be able to leverage secure connections via Netlogon at this time, it has undoubtedly forced some organizations to weigh the risks between the possibility of compromise and the certainty of service downtime.

For businesses stuck in this purgatorial state, understanding what is connecting insecurely and taking measures to update these resources via whatever means necessary is the best path forward towards mitigating the risk of this vulnerability both now and in the future.
