• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / infosec
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
home / News / Microsoft warns again of Windows Zerologon attacks

Microsoft warns again of Windows Zerologon attacks

30/10/2020 09:58 by Anastasis Vasileiadis

Microsoft warned once again today that hackers continue to exploit systems that are not protected against the ZeroLogon vulnerability in the Netlogon Remote Protocol (MS-NRPC).

Screenshot 2020 10 30 Microsoft warns of ongoing attacks using Windows Zerologon flaw - Microsoft warns again of Windows Zerologon attacks

On Windows Server devices where vulnerability has not yet been fixed, intruders can forge a domain controller account to steal credentials and take over the entire domain after a successful intrusion.

"We warmly encourage those who have not installed the update to take this step now. Customers must install the update and follow the initial guidance as described in KB4557222 to ensure that they are fully protected from this vulnerability ", Gupta added.

Reminder to all our Windows customers to deploy at least the August 2020 update or later and follow the original, published guidance to fully resolve the vulnerability, CVE-2020-1472. For further information, see our blog post: https://t.co/br77bEP0mu

- Security Response (@msftsecresponse) October 29, 2020

The Zerologon is a critical vulnerability which allows intruders to upgrade permissions on a domain admin, allowing them to take full control of the entire domain, change each user's password, and execute any arbitrary command.

Microsoft is releasing the Zerologon fix in two stages, as it may cause various authentication issues on some of the affected devices.

Because the initial Zerologon patch documentation was confusing, Microsoft outlined steps for administrators to protect devices from attacks using Zerologon exploits.

The update program mentioned by Microsoft includes the following steps:

INFORMATION of Domain Controllers (domain controllers) with an update released on August 11, 2020 or later.
FIND which devices make vulnerable connections by monitoring event logs.
FIND THE ADDRESS on incompatible devices that make vulnerable connections.
ACTIVATE the enforcement function to deal with it CVE-2020-1472 in your environment.

Microsoft warns again of Windows Zerologon attacks was last modified: October 30, 2020, 4: 56 mm by Anastasis Vasileiadis

Subscribe to our newsletter

no spam

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: Newstag: server, windows, Zerologon

You May Also Like

What does Ctrl + Z do? More than you think
Troubleshoot oobekeyboard and BIOS problems
Patch Tuesday February (56 vulnerabilities - one 0day)

About Us Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Previous Post: « Windows 10: Upcoming driver changes may interrupt plug-and-play
Next Post: Google has published zero day of the Windows kernel »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loadingCancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.