Last week we posted a blog article regarding the ZeroLogon exploit, or CVE-2020-1472. At the time there were no documented attacks leveraging the exploit. That’s changed.
According to a post on Microsoft’s Twitter account, the exploit has already been added to attackers’ playbooks.
If you’re unfamiliar, CVE-2020-1472 allows an attacker to obtain admin access to unprotected Windows domain controllers. The CVE has a CVSS score of 10 and impacts Server 2009 through Server 2019.
Microsoft released the first part of a two-pronged solution to the problem in August, with the second part expected in early 2021. If you haven’t had a chance to patch your domain controllers, I highly recommend doing so.
If you’re concerned that you’re vulnerable, cybersecurity research firm Secura has released a free tool on GitHub that will tell you whether your domain controller is vulnerable. It’s a simple Python script and should be relatively easy to run. You can find that here.
Otherwise, you can try to use a tool like OpenVAS to see if you’re vulnerable. Ultimately it’s good to scan for vulnerabilities from time to time. Vulnerability scanning is a part of a healthy cybersecurity ecosystem.
For any additional information, I recommend checking out Microsoft’s information page for CVE-2020-1472.