Critical vulnerability in Windows! Update immediately!

16/09/2020 09:05 by Anastasis Vasileiadis

Security researchers have released exploits for the Windows Zerologon vulnerability (CVE-2020-1472) that allow an attacker to take control of a Windows domain.

As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical vulnerability rated 10/10, known as "CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability".

After successfully exploiting this vulnerability, attackers can elevate their privileges to domain administrator and take full control of the domain.

Secura, the company that discovered the vulnerability, has published a detailed description of it and named it Zerologon.

When a user connects to a domain from a Windows device, the device uses the Netlogon Remote Protocol (MS-NRPC) over RPC to communicate with the domain controller and authenticate the user.

If the user logs in with the correct credentials, the domain controller tells the device to allow authentication with the appropriate permissions. Those who have the wrong credentials will obviously not be able to log in.

Because authentication attempts are critical, Windows sends authentication requests over an encrypted, secure RPC connection.

Secura researcher Tom Tervoort discovered that it is possible to force domain controllers to fall back to unencrypted RPC communication when handling authentication requests.

Once the fallback to insecure RPC communication had occurred, Tervoort could use a flaw in the Netlogon AES-CFB8 cryptographic negotiation to try to forge a successful login.

In Tervoort's tests, it took an average of 256 attempts to forge a successful login.

This forgery can deceive a device into logging the attacker in to the system as a domain administrator.

Once an attacker gains administrator rights on the network, they have full access to the domain controller. They can then change users' passwords and execute any command they wish.

What makes this vulnerability so frightening is that an attacker does not even need credentials on the domain but can forge them to make any login attempt successful.

Rich Warren of the NCC Group and many others released various PoCs yesterday that allow you to gain domain administrator privileges in ten seconds.

0-Domain Admin in 10 seconds with Zerologon (CVE-2020-1472)

Using @_dirkjan 's NetrServerPasswordSet2 commit to impacket 😀🥳 pic.twitter.com/PELfKJCQLV

- Rich Warren (@buffaloverflow) September 14, 2020

Yeah, I can confirm that this public exploit for Zerologon (CVE-2020-1472) works. Anybody who has not installed the patch from August's Patch Tuesday is already going to be in much worse shape than they already were. https://t.co/SWK2hUDOYc https://t.co/0SDFfageQC pic.twitter.com/Lg8auMdtVU

- Will Dormann (@wdormann) September 14, 2020

Because fixing the Zerologon vulnerability could cause some devices to not authenticate properly, Microsoft is rolling out the fix in two phases.

The first phase was released on August 11 in the form of an update that prevents Windows Active Directory domain controllers from using unsecured RPC communication.

This update also logs all authentication requests from devices that do not use secure RPC communication.

On February 9, 2021, as part of the Patch Tuesday updates, Microsoft will release a second update that will require all network devices to use secure RPCs unless expressly permitted by an administrator.

Windows administrators are advised to deploy the first phase of the update on their Active Directory domain controllers to protect their network.
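To act on the logging that the first-phase update introduces, the following added example (not from the original article) tallies per account the Netlogon events that Microsoft's CVE-2020-1472 guidance describes, System log event IDs 5827 to 5831. The CSV layout, the account names and the function names are assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict

# Netlogon event IDs that Microsoft's CVE-2020-1472 guidance says domain
# controllers log in the System event log once the August 2020 update is installed.
NETLOGON_EVENTS = {
    5827: "denied (machine account)",
    5828: "denied (trust account)",
    5829: "allowed for now, will be denied once enforcement starts",
    5830: "allowed by Group Policy exception (machine account)",
    5831: "allowed by Group Policy exception (trust account)",
}

# Constructed sample: a simplified CSV export of System log events.
# Column names and account names are assumptions, not a real log format.
SAMPLE_EXPORT = """TimeCreated,Id,Account
2020-09-14T08:01:12,5829,LEGACY-NAS$
2020-09-14T08:05:40,5829,LEGACY-NAS$
2020-09-14T09:12:03,5827,UNKNOWN-HOST$
2020-09-14T09:30:55,5830,OLD-PRINTSRV$
2020-09-14T10:02:17,7036,DC01$
2020-09-15T07:45:00,5829,LAB-APPLIANCE$
"""

def summarize(export_text):
    """Return {event_id: {account: count}} for the Netlogon events above."""
    summary = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            event_id = int(row.get("Id"))
        except (TypeError, ValueError):
            continue  # skip malformed rows instead of aborting the triage
        if event_id in NETLOGON_EVENTS:
            account = (row.get("Account") or "").strip()
            summary[event_id][account] += 1
    return {eid: dict(accounts) for eid, accounts in summary.items()}

def will_break_at_enforcement(summary):
    """Accounts seen via 5829 that have no Group Policy exception yet."""
    excepted = set(summary.get(5830, {})) | set(summary.get(5831, {}))
    return sorted(set(summary.get(5829, {})) - excepted)

if __name__ == "__main__":
    result = summarize(SAMPLE_EXPORT)
    for eid in sorted(result):
        print(eid, NETLOGON_EVENTS[eid], result[eid])
    print("Fix or except before enforcement:", will_break_at_enforcement(result))
```

Accounts returned by `will_break_at_enforcement` are the ones to update, replace or explicitly allow before the second phase requires secure RPC.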

Secura has released a tool that lets you check whether your domain controller is vulnerable to Zerologon (CVE-2020-1472).
