Scores of skilled attackers attempt to use any critical security bug in their own attacks as soon as it is publicized. Zerologon, a new critical security vulnerability with a 10/10 CVSS score tracked as CVE-2020-1472, was treated no differently.
Microsoft posted a series of tweets through its Twitter account warning that Zerologon exploits are actively being used by attackers to target Windows domain controllers. Samples of .NET executables that were being used to exploit the Netlogon elevation of privilege vulnerability (CVE-2020-1472) were also provided.
- Microsoft has urged all Windows Server administrators to immediately install the security update for CVE-2020-1472 by following the instructions in its support bulletin.
- An emergency directive was also released by the DHS CISA for government agencies to patch this extremely dangerous vulnerability by September 21.
- Various tools to check if a domain controller is vulnerable to the Zerologon attack (CVE-2020-1472) were also launched during the same timeframe.
Similar Domain Controller Threats
- The DarkSide ransomware, which began attacking organizations with customized attacks only last month, targeted access to administrator accounts and Windows domain controllers.
- Tycoon ransomware was used to target an organization, attacking its domain controller and file servers, and locking the system administrators out of their systems from June this year.
Every major vulnerability affecting enterprise systems is continuously being exploited by hackers. Our experts suggest adopting a proactive approach to security to defend against such threats. They also recommend automated patch management and frequent configuration audits to prevent the exploitation of any recent vulnerabilities.