Microsoft: what about the patch for Zerologon

Microsoft has outlined the steps its customers need to take to ensure that their devices are protected from ongoing attacks that exploit the Windows Server Zerologon vulnerability (CVE-2020-1472).

The company updated the advisory it had issued after customers found the original guidance quite difficult to follow and were not sure whether applying the security update was enough to protect vulnerable Windows Server devices from the attacks.

In a step-by-step approach, the updated post explains the exact steps administrators should take to ensure that their machines are protected in the event of an incoming attack designed to exploit Zerologon.

Microsoft outlines the following plan for Windows administrators to follow when deploying the "CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability" security update, released as part of its Patch Tuesday in August 2020:

  1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.
  2. FIND which devices are making vulnerable connections by monitoring event logs.
  3. ADDRESS non-compliant devices making vulnerable connections.
  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.
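
Steps 2 to 4 of this plan, as an added example that is not part of the original article or of Microsoft's guidance: a Python triage of Netlogon events exported from patched domain controllers, showing which accounts must be fixed before enforcement mode is enabled. The event IDs 5827 to 5831 come from Microsoft's CVE-2020-1472 guidance rather than from this page; the sample events, host names and message field labels are constructed assumptions.

```python
import re
from collections import defaultdict

# Netlogon event IDs written to the System log by patched domain controllers.
# Taken from Microsoft's CVE-2020-1472 guidance; the article does not list them.
ALLOWED_VULNERABLE = {5829}      # allowed today, denied once enforcement is on
DENIED = {5827, 5828}            # already refused by the domain controller
POLICY_EXCEPTION = {5830, 5831}  # allowed because an administrator exempted it
NETLOGON_IDS = ALLOWED_VULNERABLE | DENIED | POLICY_EXCEPTION

# Assumed field labels that carry the account name inside the event message.
ACCOUNT_RE = re.compile(r"^\s*(?:Machine SamAccountName|Trust Name):\s*(\S+)", re.M)

def _msg(label, name):
    """Build a constructed message body (not real log text)."""
    return f"Netlogon secure channel connection.\n{label}: {name}\nDomain: CORP"

# Constructed sample export: (domain controller, event ID, message text).
SAMPLE_EVENTS = [
    ("DC01", 5829, _msg("Machine SamAccountName", "NAS01$")),
    ("DC02", 5829, _msg("Machine SamAccountName", "NAS01$")),
    ("DC01", 5827, _msg("Machine SamAccountName", "PRINTSRV$")),
    ("DC01", 5830, _msg("Machine SamAccountName", "LEGACYAPP$")),
    ("DC02", 5831, _msg("Trust Name", "partner.example")),
    ("DC01", 7036, "Unrelated service state change."),
]

def triage(events):
    """Group Netlogon events by account: IDs seen, reporting DCs, event count."""
    report = defaultdict(lambda: {"ids": set(), "dcs": set(), "count": 0})
    for dc, event_id, message in events:
        if event_id not in NETLOGON_IDS:
            continue  # ignore everything that is not a Zerologon-related event
        match = ACCOUNT_RE.search(message)
        entry = report[match.group(1) if match else "<unparsed>"]
        entry["ids"].add(event_id)
        entry["dcs"].add(dc)
        entry["count"] += 1
    return dict(report)

def bucket(report, ids):
    """Sorted account names that logged at least one of the given event IDs."""
    return sorted(acct for acct, e in report.items() if e["ids"] & ids)

if __name__ == "__main__":
    r = triage(SAMPLE_EVENTS)
    print("Fix before enforcement (step 3):", bucket(r, ALLOWED_VULNERABLE))
    print("Already denied:", bucket(r, DENIED))
    print("Exempted by policy, review:", bucket(r, POLICY_EXCEPTION))
```

An empty first bucket across all domain controllers is the signal that enabling enforcement mode (step 4) should not break existing devices.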

The Zerologon vulnerability

CVE-2020-1472 is a critical security vulnerability with a severity score of 10/10. It was named Zerologon by the security company Secura and, when exploited, it allows intruders to elevate their privileges to domain administrator.

This makes it very easy for them to take control of the domain, since they can change each user's access and run whatever command they want.

The security update released by Microsoft in August can cause authentication problems on some of the affected devices, so the company is releasing the Zerologon patch in two stages.

The first stage was released on August 11 as a security update that prevents Windows Active Directory domain controllers from using insecure RPC communication.

It also logs authentication requests from non-Windows devices that do not use secure RPC channels, to give administrators time to fix them.

Starting February 9, 2021, as part of its updates, Microsoft will release another update that enables an enforcement mode requiring all network devices to use secure RPC, unless explicitly allowed by administrators.

Ongoing Zerologon attacks

Last week, Microsoft warned administrators to urgently apply the security updates for Zerologon after discovering that exploits for it are being used in attacks.

Microsoft intelligence analyst Kevin Beaumont confirmed that the attacks began on September 26, with attackers successfully exploiting a vulnerable Active Directory server honeypot using a Zerologon exploit.

Yesterday, Cisco Talos security researchers also warned of "a spike in attempts to exploit the Microsoft CVE-2020-1472 vulnerability."

iGuRu.gr The Best Technology Site in Greece

Written by Anastasis Vasileiadis