The ZeroLogon Exploit (CVE-2020-1472)

by

September 22, 2020

Microsoft-Logo-2012

If you haven’t installed Microsoft’s August patch updates for your Active Directory domain controllers, you might want to reconsider. A brand new exploit (officially called CVE-2020-1472 by Microsoft and Zerologon by Tom Tervoort, the researcher who discovered it) allows an attacker to compromise an unpatched Active Directory domain controller via just a TCP connection without the need for any domain credentials.

“The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol,” said Tervoort in a recent post on the Secura website blog (which you can read here). “This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.”

According to Secura, attackers can follow as few as five steps to leverage the exploit. You can read about those steps directly on the Secura website here.

So what should you do? Patch, patch, patch!

As I mentioned above, Microsoft already took care of some of the issues in last month’s patch package. They’ll be releasing another round of patches in Q1 of next year (2021) that should resolve the issue completely.

Until then, Secura has released a free tool on GitHub that will tell you if your Domain Controler is vulnerable or not. It’s a simple Python script and should be relatively easy to implement. You can find that here. Otherwise, you can try to use a tool like OpenVAS to see if you’re vulnerable. Ultimately it’s good to scan for vulnerabilities from time to time. Vulnerability scanning is a part of a healthy cybersecurity ecosystem.

For any additional information, I recommend checking out Microsoft’s information page for CVE-2020-1472.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Don’t forget to follow us on LinkedIn and Twitter

Carl Keyser is the Content Manager at Integris.

Keep reading

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...

7 Signs Your Denver Business Needs a Tech Update

Regardless of size or industry, technology is an essential part of every Denver business. That being said, technological improvements and advancements can develop quite quickly, leaving some businesses scrambling to keep up. While many businesses cite expenses in the...

Cybersecurity best practices for Boston Businesses

Securing your businesses sensitive data, networks, and devices is non-negotiable in the technologically-driven world we live in. Whether you are a small business or or corporation in Boston, it is imperative that you prioritize cybersecurity. It is no longer enough to...