Microsoft warns again of Windows Zerologon attacks

Microsoft warned once again today that attackers continue to exploit systems left unprotected against the Zerologon vulnerability in the Netlogon Remote Protocol (MS-NRPC).

On Windows Server devices where the vulnerability has not yet been patched, attackers can spoof a domain controller account to steal credentials and take over the entire domain after a successful intrusion.

"We warmly encourage those who have not installed the update to take this step now. Customers must install the update and follow the initial guidance as described in KB4557222 to ensure that they are fully protected from this vulnerability," Gupta added.

Zerologon is a critical vulnerability that lets attackers elevate their privileges to domain administrator, giving them full control of the entire domain and of any user, and the ability to execute arbitrary commands.

Microsoft is releasing the Zerologon fix in two stages, as it may cause various authentication issues on some of the affected devices.

Because the original documentation for the Zerologon update was confusing, Microsoft clarified the steps administrators should take to protect devices from attacks using Zerologon exploits.

The update plan outlined by Microsoft includes the following steps:

UPDATE your Domain Controllers with an update released on August 11, 2020 or later.
FIND which devices are making vulnerable connections by monitoring event logs.
ADDRESS non-compliant devices that are making vulnerable connections.
ENABLE enforcement mode to address CVE-2020-1472 in your environment.
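
One way to carry out the FIND step on an updated domain controller, as an added example that is not from the article or from Microsoft. It relies on the Netlogon event IDs 5827 to 5831 that Microsoft documents in KB4557222; the 30-day lookback and the message field labels used to pull out the account name are assumptions.

```powershell
# Added example: inventory Netlogon secure-channel events on a domain
# controller that has the August 11, 2020 or later update installed.
$ids = 5827..5831
$meaning = @{
    5827 = 'Denied: vulnerable connection from a machine account'
    5828 = 'Denied: vulnerable connection from a trust account'
    5829 = 'Allowed: vulnerable connection (denied once enforcement is on)'
    5830 = 'Allowed by Group Policy exception: machine account'
    5831 = 'Allowed by Group Policy exception: trust account'
}
$lookbackDays = 30   # assumption: adjust to your log retention

# Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = $ids; StartTime = (Get-Date).AddDays(-$lookbackDays)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq 'NETLOGON' }

$report = @(foreach ($e in $events) {
    # Assumption: the event text carries a "Machine SamAccountName:" or
    # "Trust Name:" field; otherwise the event has to be read by hand.
    $account = if ($e.Message -match '(?:Machine SamAccountName|Trust Name):\s*(\S+)') {
        $Matches[1]
    } else { '(unparsed, read event message)' }
    [pscustomobject]@{
        EventId = $e.Id
        Meaning = $meaning[$e.Id]
        Account = $account
        Time    = $e.TimeCreated
    }
})

if ($report.Count -eq 0) {
    'No Netlogon secure-channel events (5827-5831) in the lookback window.'
    return
}

# One row per account and event ID, with hit count and last time seen.
$report | Group-Object Account, EventId | ForEach-Object {
    [pscustomobject]@{
        Account  = $_.Group[0].Account
        EventId  = $_.Group[0].EventId
        Meaning  = $_.Group[0].Meaning
        Count    = $_.Count
        LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
    }
} | Sort-Object EventId, Account | Format-Table -AutoSize
```

Accounts that appear under 5829 are the non-compliant devices to address before enforcement mode is enabled, since those connections are denied afterwards.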


Written by Anastasis Vasileiadis
