A vulnerability in Windows Server is currently being actively exploited by hackers. A month ago, Microsoft already released a patch to fix the problem. Users can easily fix the vulnerability by installing the August 2020 patch from Microsoft. The problem is that users often don’t actively update their installations.
ZeroLogon: that’s what cybersecurity professionals call the vulnerability. Microsoft has given it the name ‘Netlogon EoP’. The vulnerability has the highest possible CVSS severity score. Microsoft already released a patch for the bug during Patch Tuesday last August. The vulnerability allows an attacker to connect to a vulnerable domain controller via the Netlogon Remote Protocol. Hackers can then give themselves administrative rights.
According to cybersecurity company Secura, it is an interesting vulnerability that gives an attacker a strong position in a victim’s internal network. The flaw makes it easy and quick to break into a network. A hacker can make themselves Domain Admin with just one click.
Free rein
Because many Windows users have not yet installed the latest patch, hackers have free rein to exploit the vulnerability. “Even now that CISA has ordered that the patch Microsoft released on August 11th be installed immediately, patch management turns out to be not that easy,” says Terence Jackson, chief information security officer at Thycotic Software Ltd., on SiliconANGLE.
“Due to the nature of the vulnerability, attackers continue to look for companies that are vulnerable and try to use them. If an attacker gains domain administrator rights on a network, it is game over. Companies and agencies need to identify their vulnerable servers and patch them as soon as possible,” explains Jackson.
How the ZeroLogon attacks started
According to Brian Davis, director of federal security solutions at Vectra AI Inc., vulnerabilities like ZeroLogon are a reminder of the weaknesses of cybersecurity tools that rely too heavily on signatures. “They provide a certain level of protection against the abuse, albeit after the harm has already been done. In many cases it is already too late.”
Scott Caveza, research engineering manager at cyber exposure company Tenable Inc., links the exploitation of the vulnerability to Secura’s blog. “Shortly after Secura’s blog on ZeroLogon’s impact and technical information was published, several proof-of-concept scripts emerged,” explains Caveza. “In the hours and days since, we saw an increase in the number of scripts available to test and exploit the bug.”