Active Exploitation of ZeroLogon - Critical Vulnerability in Netlogon Remote Protocol (CVE-2020-1472)

Published on 15 Sep 2020

Updated on 15 Sep 2020

Microsoft issued a security update in August 2020 to address a critical vulnerability in its Netlogon Remote Protocol (CVE-2020-1472). Exploit code for this vulnerability is now publicly available, and there are reports of active exploitation.

Successful exploitation of the vulnerability could allow attackers to gain domain administrator access to an exposed Active Directory server and perform malicious activities.

Administrators are strongly advised to patch their systems to the latest version immediately.

For more information, refer to:

https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

https://www.secura.com/blog/zero-logon