Zerologon vulnerability in Windows Server: US government has four days to patch

The Cybersecurity and Infrastructure Security Agency has issued an emergency policy due to a critical Windows Server vulnerability.

US government admins have received an order to patch Windows Servers in US government offices within four days. The reason is a vulnerability rated “critical” (CVE-2020-1472) with the highest possible score (CVSS score 10 out of 10). Admins worldwide should take the vulnerability seriously and install the available security updates.

The emergency policy comes from the Cybersecurity and Infrastructure Security Agency (CISA) and was issued on September 18, 2020. Government admins have until September 21 to secure systems. If attackers successfully exploit the vulnerability, they could take over entire domains as admins.

The vulnerability affects the Netlogon protocol. For an attack to succeed, an attacker would have to connect to a domain controller via the Netlogon Remote Protocol (MS-NRPC). The attacker does not have to be logged in to do this. However, access to a vulnerable network is essential. Security researchers from Secura have compiled more details on the vulnerability in a document.

If an attack succeeds, the attacker could execute their own code and promote themselves to admin. Microsoft lists the affected Windows Server versions in a security advisory, which also contains information about the security updates.

Microsoft published the security patch in August. Exploit code surfaced in mid-September. CISA classifies the vulnerability as a threat to national security. Admins now need to act and update servers. If this is not possible, vulnerable servers must be taken offline. CISA is requesting a report on the status of Windows servers on September 23, 2020.
