Microsoft issues warning about actively exploited Zerologon vulnerability in Windows

It is just days since the CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency warning about a critical Windows vulnerability. Now Microsoft has issued a warning that the vulnerability is being actively exploited and the company is "actively tracking threat actor activity".

The Netlogon EoP vulnerability (CVE-2020-1472) is concerning not just because of its severity, but also because it can be exploited in a matter of seconds. The security issue affects Windows Server 2008 and above, and enables an attacker to gain admin control of a domain.

Writing on Twitter, the company said: "Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks".

The security issue was discovered by Tom Tervoort, a security researcher at Secura, and the company went on to publish a technical paper and a proof-of-concept tool.

Microsoft's security intelligence team posted several tweets about the vulnerability.

Microsoft has already issued a patch for the vulnerability, and users are encouraged to install this as soon as possible if they have not done so already. There is also a micropatch available from 0patch aimed at people for whom Microsoft's official patch poses a compatibility issue.

Image credit: Walter Cicchetti / Shutterstock

© 1998-2024 BetaNews, Inc. All Rights Reserved.