The Zerologon vulnerability (also known as (CVE-2020-1472), puts domain controllers running all versions of Windows Server at risk of hijacking from cyber attackers allowing them to take over their network.

Microsoft released a fix against the Zerologon vulnerability as part of its regular patch update in August. But many administrators will not have applied the patch immediately.

On 24th September, Microsoft announced that they had observed in-the-wild attacks where public exploits have been incorporated into attacker playbooks.

Zerologon was described by many security exports as the most dangerous bug revealed this year. The US Department of Homeland Security gave federal agencies three days to patch domain controllers or disconnect them from federal networks.

Other software which supports the Microsoft Netlogon Remote Protocol (MS-NRPC), such as Samba, is also vulnerable to the security hole and should likewise be updated.

Owing to the fact that there are active attacks in the wild and that Zerologon is so easy to exploit , our advice is to install the patch as soon as possible.

If you have an IT Support agreement with Integrity IT Solutions then the good news is that you will have already have had the patch installed by us via our patch management system.

Categories: News