CyberHoot’s Chief Information Security Officer constantly monitors the cybersecurity threats MSPs and SMBs face.
Recently, a critical vulnerability was patched by Microsoft in August 2020. This vulnerability was so severe, it got an extremely rare 10/10 severity rating from Microsoft. If this flaw were weaponized, it could compromise an Enterprise network in under three seconds. Dubbed the “Zerologon” bug, it affects all domain controllers serving the netlogon protocol (when you boot your computer and authenticate to your domain account this protocol is used).
This bug allows an attacker to manipulate netlogon authentication procedures to:
- Impersonate the identity of any computer on a network when trying to authenticate against the domain controller
- Disable security features in the netlogon authentication process
- Change a computer’s password on the domain controller’s Active Directory (a database of all computers joined to a domain, and their passwords)
Microsoft quietly released a patch in August to fix this issue. However, its significance didn’t come to light until last week when security researchers at Secura B.V., a Dutch security firm, published technical details in a whitepaper on their Blog.
CyberHoot strongly recommends that you patch your domain controllers for this vulnerability now, today, before you do anything else. It’s that serious!
ZDNet Article: Zerologon attack lets hackers take over enterprise networks: Patch now
Sophos Video: Sophos Naked Security: NetLogon: Are you at Risk
Microsoft KB: Microsoft CVS-2020-1472