Expert Comments

Security Expert Re: Microsoft Warns Again About Critical Zerologon Vulnerability

Expert(s): Security Experts
Expert(s): Security Experts

Microsoft issued yet another warning that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). On Windows Server devices where the vulnerability was not patched, attackers can spoof a domain controller account to steal domain credentials and take over the entire domain following successful exploitation.

Experts Comments

Dot Your Expert Comments
Adam Laub
November 02, 2020
CMO
STEALTHbits Technologies

Because non-Windows or homegrown applications and resources may not be able to leverage secure connections via Netlogon at this time.
The continued exploitation of a vulnerability allowing attackers easy and unfettered access to the whole of an organization’s digital resources should come as no surprise. Threat actors will attempt to discover and exploit this vulnerability for as long as it continues to work. However, while sustained vulnerability doesn’t necessarily mean negligence on behalf of organizations that have fallen victim, the most likely excuse as to why they have fallen victim is because they have failed to.....Read More
The continued exploitation of a vulnerability allowing attackers easy and unfettered access to the whole of an organization’s digital resources should come as no surprise. Threat actors will attempt to discover and exploit this vulnerability for as long as it continues to work. However, while sustained vulnerability doesn’t necessarily mean negligence on behalf of organizations that have fallen victim, the most likely excuse as to why they have fallen victim is because they have failed to patch. Because non-Windows or homegrown applications and resources may not be able to leverage secure connections via Netlogon at this time, it has undoubtedly forced some organizations to weigh the risks between the possibility of compromise and the certainty of service downtime. For businesses stuck in this purgatorial state, understanding what is connecting insecurely and taking measures to update these resources via whatever means necessary is the best path forward towards mitigating the risk of this vulnerability both now and in the future.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords