Microsoft is calling on companies worldwide to fix a vulnerability in Netlogon on Windows Server. According to the company, the vulnerability is under active attack, even though a patch has been available since August.
The vulnerability is in the Netlogon protocol, which authenticates users on a domain. The protocol runs on Windows Server. In August, Microsoft released a patch for it. With this vulnerability, tracked as CVE-2020-1472, an attacker could spoof a domain controller account, steal credentials and take over the domain. The vulnerability was in Windows Server 2008 R2, 2012, 2012 R2, 2016 and 2019. The patch was in KB4557222. At the time, the Dutch Digital Trust Center also warned about the vulnerability.
Microsoft is now warning about the exploit again. This time the warning is more serious, as the company says the vulnerability is being actively exploited. It concerns ‘a small number of reports’ from users. “We strongly encourage anyone who has not yet implemented the update to do so now,” Microsoft said. It is not known how many victims the attacks have affected or what type of companies they are.
Microsoft is not the only party currently warning about the exploitation. A warning also comes from CISA, the US Cybersecurity and Infrastructure Security Agency. “Until every domain controller is updated, the entire infrastructure is vulnerable,” writes the government agency. The agency has released a script that lets system administrators check whether there are unprotected systems on their network.