Microsoft is warning that CVE-2020-1472, a high-impact vulnerability patched this year that allows hackers to instantly take control of Windows' Active Directory, is being actively exploited by malicious hackers.
Dubbed Zerologon, the vulnerability gives attackers with low-level privileges on a vulnerable network the ability to send a string of zeros in messages that use the Netlogon protocol to log in to Active Directory and almost instantly gain control.
It also may be possible to exploit Zerologon directly from the Internet with no previous access.
Said Microsoft representatives, "We have observed attacks where public exploits have been incorporated into attacker playbooks."
The U.S. Department of Homeland Security's cybersecurity arm last week gave agencies until Sept. 28 to apply the patch or remove domain controllers from the Internet.
From Ars Technica
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA