This week, Microsoft announced that it continues to receive reports from customers of attacks targeting the Zerologon vulnerability.
Patched on August 11, the security vulnerability was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Tracked as CVE-2020-1472, the problem can be exploited to compromise Active Directory domain controllers and obtain domain administrator rights.
The flaw came into the spotlight after the DHS directed federal departments to quickly apply the available fixes, with both Microsoft and CISA releasing reports on attackers actively exploiting the bug.
Microsoft released a guide at the end of September to provide companies with all the information required to fix the problem inside their Active Directory implementations, but it seems that certain customers are still vulnerable.
“The vulnerability could cause an attacker to fake a domain controller account that could be used to capture domain credentials and take over the domain, if the original advice is not implemented,” Microsoft now says.
The technology giant also reiterates that downloading the available patches on each domain controller is the first step in fixing the vulnerability.
Once the patches have been fully deployed, Active Directory domain controller and trust accounts will be secured alongside Windows domain-joined system accounts. The company states that it highly urges everyone who has not adopted the update to take this measure now.
With the update applied, customers can follow the previously released advice from Microsoft to ensure that they are completely covered. The organisation has already revised the FAQs in that guide for more clarification.
Following the update, to ensure that CVE-2020-1472 is actually handled in their environment, customers are recommended to locate any devices that might still be vulnerable, fix them, and then enable enforcement mode.
CISA issued an alert on Thursday warning of continuing exploitation of Zerologon and encouraging administrators to install the available patches as soon as possible.