Zerologon - Security Newsletter

By ircrp | ircrp | 21 Sep 2020

Last month Microsoft has patched one of the most serious vulnerability reported to the company ever, a bug that if abused would easily allow actors to overtake Windows Server running as domain controllers in enterprise networks. The vulnerability received the maximum 10 out of 10 severity rating and the details were never made public, until now.


The entire attack is very quick and can take a few seconds to execute if automated effectively. An attacker first needs to make his foot inside of the network, however when this condition is met it's literally game over for the enterprise being attacked. 

The weak spot being attacked in this vulnerability is the Netlogon protocol which authenticates users against domain controllers, in essence the vulnerability was exploitable by subverting cryptography used in Netlogon granting admin privileges within the domain.


As you can imagine if this vulnerability got out of hands we would be in for a one hell of a boom in malware and ransomware gangs popularizing crypto in not necessarily the best way.


An initial bugfix to the vulnerability was pushed in August 2020 Patch Tuesday by Microsoft under the identifier of CVE-2020-1472 which will prevent the Domain controllers from using unsecured RPC communication. Further fix is planned to be released in Feburary 2021 as part of the Patch Tuesday update which will enforce a requirement that all devices within the network must use secure-RPC, unless specifically allowed by the Administrator.



Related Reading



Ongoing crypto free earn campaigns:


Ongoing crypto non-free earn campaigns:

How do you rate this article?



Crypto & Stuff

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.