Emergency Alert: Zerologon
Brace yourselves: Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency alert over a very serious Windows flaw. So serious, in fact, that security researchers gave it a 10 rating, which is the highest severity score that can be given. When CISA issued the alert, it urged everyone (including private companies, governmental agencies, and the general public) to get patched immediately.
So what’s the emergency alert for? Microsoft confirmed it found evidence of hackers taking advantage of Zerologon. Zerologon is dangerous because it allows attackers to break into computers without stealing any credentials ahead of time. This is done by forging an authentication token for Netlogon functionality. Once hackers are inside the network, they can use additional malware to infect computers and pull data from them.
Although CISA sent out a warning, there is no guarantee that every user or organization has patched their network. Supported versions of Windows Server, from Server 2008 through Server 2019, are the ones most at risk from this flaw. If you or your organization is targeted by a Zerologon attack before any patches are put into place, your network can be at serious risk.
Luckily, Microsoft has responded publicly, tweeting that it is “actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon.” The fact that Microsoft is aware of the problem and actively trying to resolve it is a huge positive. In the meantime, as CISA says, “get patching!”