ZeroLogon Bites Back

September 29, 2020

Last week we posted a blog article regarding the ZeroLogon exploit, or CVE-2020-1472. At the time there were no documented attacks leveraging the exploit. That’s changed.

According to a post on Microsoft’s Twitter account, the exploit has already been added to attackers’ playbooks.

If you’re unfamiliar, CVE-2020-1472 allows an attacker to obtain admin access to unprotected Windows domain controllers. The CVE has a CVSS score of 10 and impacts Server 2009 through Server 2019.

Microsoft released the first part of a two-pronged solution to the problem in August, with the second part expected in early 2021. If you haven’t had a chance to patch your domain controllers, I highly recommend doing so.

If you’re concerned that you’re vulnerable, cybersecurity research firm Secura has released a free tool on GitHub that will tell you whether your domain controller is vulnerable. It’s a simple Python script and should be relatively easy to run. You can find that here.

Otherwise, you can use a tool like OpenVAS to see if you’re vulnerable. Ultimately, it’s good to scan for vulnerabilities from time to time. Vulnerability scanning is part of a healthy cybersecurity ecosystem.

For any additional information, I recommend checking out Microsoft’s information page for CVE-2020-1472.

Carl Keyser is the Content Manager at Integris.
