The ZeroLogon Exploit (CVE-2020-1472)


September 22, 2020


If you haven’t installed Microsoft’s August patch updates for your Active Directory domain controllers, you might want to reconsider. A brand-new vulnerability (officially called CVE-2020-1472 by Microsoft and Zerologon by Tom Tervoort, the researcher who discovered it) allows an attacker to compromise an unpatched Active Directory domain controller over nothing more than a TCP connection, without any domain credentials.

“The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol,” said Tervoort in a recent post on the Secura website blog (which you can read here). “This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.”

According to Secura, attackers can follow as few as five steps to leverage the exploit. You can read about those steps directly on the Secura website here.

So what should you do? Patch, patch, patch!

As I mentioned above, Microsoft already took care of some of the issues in last month’s patch package. They’ll be releasing another round of patches in Q1 of next year (2021) that should resolve the issue completely.

Until then, Secura has released a free tool on GitHub that will tell you whether your domain controller is vulnerable. It’s a simple Python script and should be relatively easy to implement. You can find that here. Otherwise, you can try a tool like OpenVAS to see if you’re vulnerable. Ultimately, it’s good to scan for vulnerabilities from time to time. Vulnerability scanning is part of a healthy cybersecurity ecosystem.

For any additional information, I recommend checking out Microsoft’s information page for CVE-2020-1472.


Carl Keyser is the Content Manager at Integris.
