Last month Microsoft patched one of the most serious vulnerabilities ever reported to the company, a bug that, if abused, would easily allow attackers to take over Windows Servers running as domain controllers in enterprise networks. The vulnerability received the maximum severity rating of 10 out of 10, and the details were never made public, until now.
The entire attack is very quick and can take only a few seconds to execute if automated effectively. An attacker first needs to gain a foothold inside the network, but once this condition is met it is literally game over for the enterprise being attacked.
The weak spot attacked in this vulnerability is the Netlogon protocol, which authenticates users against domain controllers. In essence, the vulnerability was exploitable by subverting the cryptography used in Netlogon, granting admin privileges within the domain.
As you can imagine, if this vulnerability had gotten out of hand we would have been in for one hell of a boom in malware, with ransomware gangs popularizing crypto in not necessarily the best way.
An initial fix for the vulnerability was pushed by Microsoft in the August 2020 Patch Tuesday update under the identifier CVE-2020-1472; it prevents domain controllers from using unsecured RPC communication. A further fix is planned for release in February 2021 as part of that month's Patch Tuesday update, which will enforce a requirement that all devices within the network use secure RPC unless specifically allowed by the administrator.
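The phased rollout above is something an administrator has to prepare for before enforcement arrives. As an added example (not from the original article), the Python below triages the Netlogon events 5827 through 5831 that Microsoft's August 2020 update added for exactly this purpose, over constructed sample log lines in an assumed flat export format, and lists which accounts still rely on vulnerable connections and would be cut off once enforcement is on.

```python
import re
from collections import Counter

# Netlogon event IDs documented by Microsoft for the CVE-2020-1472 update.
DENIED_MACHINE = 5827          # vulnerable channel from a machine account denied
DENIED_TRUST = 5828            # vulnerable channel from a trust account denied
ALLOWED_INITIAL = 5829         # vulnerable channel allowed only because enforcement is off
ALLOWED_POLICY_MACHINE = 5830  # machine account explicitly allowed by group policy
ALLOWED_POLICY_TRUST = 5831    # trust account explicitly allowed by group policy

# Constructed sample export (not real data); the flat "key=value" layout is assumed.
SAMPLE_LOG = """\
2020-09-14T08:01:12Z DC01 NETLOGON 5829 Machine=NAS-OLD$ Domain=CORP
2020-09-14T08:02:40Z DC01 NETLOGON 5829 Machine=PRINTSRV$ Domain=CORP
2020-09-14T08:03:01Z DC01 NETLOGON 5827 Machine=NAS-OLD$ Domain=CORP
2020-09-14T08:05:55Z DC01 NETLOGON 5830 Machine=LEGACY-APP$ Domain=CORP
2020-09-14T08:06:13Z DC01 NETLOGON 5829 Machine=NAS-OLD$ Domain=CORP
2020-09-14T08:07:00Z DC01 Security-Auditing 4624 Account=jdoe Domain=CORP
"""

# Only Netlogon source lines matter here; other sources (e.g. 4624 logons) are skipped.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<dc>\S+) NETLOGON (?P<eid>\d+) (?P<rest>.*)$")


def parse_events(text):
    """Turn exported lines into dicts with timestamp, DC, event ID and key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
        events.append({"ts": m.group("ts"), "dc": m.group("dc"),
                       "eid": int(m.group("eid")), **fields})
    return events


def triage(events):
    """Group accounts by how the DC treated their Netlogon secure channel."""
    report = {"will_break_on_enforcement": Counter(),  # 5829: fix or allow before Feb 2021
              "already_denied": Counter(),             # 5827/5828: broken today
              "allowed_by_policy": Counter()}          # 5830/5831: admin-approved exceptions
    for e in events:
        acct = e.get("Machine") or e.get("Trust")
        if e["eid"] == ALLOWED_INITIAL:
            report["will_break_on_enforcement"][acct] += 1
        elif e["eid"] in (DENIED_MACHINE, DENIED_TRUST):
            report["already_denied"][acct] += 1
        elif e["eid"] in (ALLOWED_POLICY_MACHINE, ALLOWED_POLICY_TRUST):
            report["allowed_by_policy"][acct] += 1
    return report
```

Accounts under `will_break_on_enforcement` are the ones to patch or, for devices that cannot be updated, to add to an explicit allow policy before the enforcement update lands.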