Hackers Can Take Control Of Corporate Networks Using Zerologon Vulnerability

✨ Megiddo

The vulnerability is related to the use of an unreliable cryptographic algorithm in the Netlogon authentication mechanism.

Users who have not yet installed the August Windows service pack have another good reason to do so as soon as possible. Specialists at the Dutch company Secura BV have released details of a privilege escalation vulnerability in Netlogon that can be used to take control of Windows Server machines acting as domain controllers in a corporate network.

Microsoft partially fixed CVE-2020-1472 with the release of its security update package in August this year, but only revealed some details about it in September. The vulnerability is rated 10, the maximum score, on the CVSSv3 scale.

As Secura experts explained, the vulnerability, dubbed Zerologon, is associated with the use of an unreliable cryptographic algorithm in the Netlogon authentication mechanism. It allows an attacker to impersonate any computer on the network by authenticating to a domain controller, disable Netlogon security features, or change the password in the domain controller's Active Directory database.

The essence of the attack is to add zeros to certain Netlogon authentication parameters (hence the name of the vulnerability). The entire attack takes no more than three seconds, but it has a number of limitations. In particular, this method only works if the attacker has access to the internal network.

Microsoft intends to fix the vulnerability in two stages. In the first, the company released an interim fix as part of the August patches that makes the Netlogon security features (which the Zerologon attack disables) mandatory during authentication. The company promises to release a more complete patch in Q1 2021.
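An added illustration of the cryptographic weakness described above (not code from the original post or from Secura). Secura's published write-up attributes the flaw to 8-bit cipher feedback (CFB8) encryption run with a fixed all-zero IV; the sketch below measures how often an all-zero input then encrypts to all zeros, and shows that a random IV removes the effect. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES block encryption so the code needs only the standard library, and the keys are constructed sample values.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, matching AES


def prf_block(key: bytes, block: bytes) -> bytes:
    # Stand-in for one AES block encryption (assumption, see lead-in).
    # CFB mode only ever uses the forward direction of the cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    reg, out = iv, bytearray()
    for p in plaintext:
        c = p ^ prf_block(key, reg)[0]  # one keystream byte per block call
        out.append(c)
        reg = reg[1:] + bytes([c])      # shift the ciphertext byte into the register
    return bytes(out)


def count_all_zero(n_keys: int, fixed_zero_iv: bool) -> int:
    """Count keys for which an all-zero 8-byte input encrypts to all zeros."""
    zeros = bytes(8)
    hits = 0
    for i in range(n_keys):
        key = hashlib.sha256(b"constructed-key-%d" % i).digest()  # constructed key
        iv = bytes(BLOCK) if fixed_zero_iv else os.urandom(BLOCK)
        if cfb8_encrypt(key, iv, zeros) == zeros:
            hits += 1
    return hits


if __name__ == "__main__":
    n = 20000
    weak = count_all_zero(n, fixed_zero_iv=True)
    safe = count_all_zero(n, fixed_zero_iv=False)
    print(f"fixed zero IV: {weak}/{n} keys give all-zero output (about 1 in 256)")
    print(f"random IV:     {safe}/{n} keys give all-zero output")
```

With the fixed IV, the output is all zeros whenever the first keystream byte is zero, because the feedback register never changes; that happens for roughly one key in 256 regardless of the key's secrecy.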