The ZeroLogon Exploit (CVE-2020-1472)

by

September 22, 2020

Microsoft-Logo-2012

If you haven’t installed Microsoft’s August patch updates for your Active Directory domain controllers, you might want to reconsider. A brand new exploit (officially called CVE-2020-1472 by Microsoft and Zerologon by Tom Tervoort, the researcher who discovered it) allows an attacker to compromise an unpatched Active Directory domain controller via just a TCP connection without the need for any domain credentials.

“The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol,” said Tervoort in a recent post on the Secura website blog (which you can read here). “This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.”

According to Secura, attackers can follow as few as five steps to leverage the exploit. You can read about those steps directly on the Secura website here.

So what should you do? Patch, patch, patch!

As I mentioned above, Microsoft already took care of some of the issues in last month’s patch package. They’ll be releasing another round of patches in Q1 of next year (2021) that should resolve the issue completely.

Until then, Secura has released a free tool on GitHub that will tell you if your Domain Controler is vulnerable or not. It’s a simple Python script and should be relatively easy to implement. You can find that here. Otherwise, you can try to use a tool like OpenVAS to see if you’re vulnerable. Ultimately it’s good to scan for vulnerabilities from time to time. Vulnerability scanning is a part of a healthy cybersecurity ecosystem.

For any additional information, I recommend checking out Microsoft’s information page for CVE-2020-1472.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Don’t forget to follow us on LinkedIn and Twitter

Carl Keyser is the Content Manager at Integris.

Keep reading

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects? The Quick Take Managing IT projects effectively is crucial for ensuring success and maximizing ROI. Here are the best practices to follow: Define Clear Objectives and Scope: Set specific, measurable, achievable,...

What Is The Future of Managed IT Services?

What Is The Future of Managed IT Services?

What Is the Future of Managed IT Services? The Quick Take: The future of managed IT services for small and medium-sized businesses is bright, with the market expected to grow from $1.735 trillion to $2.173 trillion by 2028. Key trends driving this growth include:...

The Regulatory Outlook for 2025 and What That Means for Banking IT

The Regulatory Outlook for 2025 and What That Means for Banking IT

With a new administration coming in, 2025 promises to be a year of change. But will it significantly impact banking regulation and your bank’s cybersecurity? No one has a crystal ball, of course, but recent global outlooks for the banking industry seem to point to two...