Zerologon
Zerologon (CVE-2020-1472) is a critical privilege-escalation vulnerability in Microsoft's Netlogon Remote Protocol, the authentication protocol that Windows domain members use to talk to domain controllers, as implemented in some versions of Microsoft Windows and of Samba.[1] It was publicly disclosed in September 2020 by Tom Tervoort of the Dutch security firm Secura, after Microsoft had fixed it in its August 2020 security updates.
Severity
Zerologon carries the maximum Common Vulnerability Scoring System score of 10.0.[2][3] The flaw is cryptographic: the Netlogon authentication handshake encrypts an 8-byte challenge with AES in CFB8 mode using a fixed initialization vector of all zeros, so for roughly one session key in 256 an all-zero ciphertext is the valid credential for an all-zero challenge. An unauthenticated attacker who can reach a domain controller over the network can therefore repeatedly attempt a login with an all-zero client credential, succeed after a few hundred attempts on average, and use the resulting session to reset the domain controller's own computer-account password, which yields domain-administrator privileges. With that foothold an attacker can extract the credentials (including password hashes) of every account in the Active Directory domain,[4][5] which in turn allows them to assume the privileges of any legitimate user of the network and, for example, to compromise the Microsoft Office 365 email accounts tied to those identities.[4][5]
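The reason a single all-zero credential can be accepted is a property of CFB8 mode with a zero IV, not of AES itself. CFB8 keeps a 16-byte shift register, encrypts it, XORs the first output byte with one plaintext byte, and shifts the resulting ciphertext byte into the register. When the IV and the plaintext are both zero, the register stays zero for the whole message whenever the first byte of E(K, 0^16) is zero, which holds for about one key in 256. The following Python block is an added illustration, not code from the article or from Microsoft or Samba; it uses real AES-128 when the third-party `cryptography` package is installed and otherwise falls back to a SHA-256-based keyed block function as a stand-in (an assumption made so the example runs offline; the argument does not depend on which block cipher is used). The function names, the 8-byte all-zero challenge and the deterministic key-derivation scheme are the example's own.

```python
"""Why Zerologon works: CFB8 with an all-zero IV.

Added illustration, not part of the original article. Netlogon's
ComputeNetlogonCredential encrypts an 8-byte client challenge with AES-CFB8
and a fixed all-zero IV; this block reproduces that structure and shows that
an all-zero plaintext yields an all-zero ciphertext exactly when the first
byte of E(K, 0^16) is zero, i.e. for about 1 session key in 256.
"""
import hashlib
from typing import Tuple

BLOCK = 16

try:  # real AES-128 if the optional 'cryptography' package is available
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        """One raw AES block encryption (ECB of a single 16-byte block)."""
        enc = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend()).encryptor()
        return enc.update(block) + enc.finalize()
except ImportError:  # assumption: stdlib-only stand-in for a keyed block function
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        """Keyed 16-byte function standing in for a block cipher (not AES)."""
        return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Generic CFB8 encryption over block_encrypt, the same mode MS-NRPC uses."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])  # shift the ciphertext byte in
    return bytes(out)


ZERO_IV = bytes(BLOCK)        # the fixed IV Netlogon uses
ZERO_CHALLENGE = bytes(8)     # the all-zero ClientChallenge an attacker sends


def zero_credential_accepted(key: bytes) -> bool:
    """True if an all-zero ClientCredential is valid under this session key."""
    return cfb8_encrypt(key, ZERO_IV, ZERO_CHALLENGE) == bytes(8)


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """The analytic condition: the register never changes iff E(K, 0)[0] == 0."""
    return block_encrypt(key, ZERO_IV)[0] == 0


def derive_key(seed: bytes, counter: int) -> bytes:
    """Deterministic stand-in for the per-attempt session key (example's own)."""
    return hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()[:BLOCK]


def find_vulnerable_key(seed: bytes = b"zerologon-demo") -> Tuple[int, bytes]:
    """Try fresh session keys until the zero credential is accepted.

    Returns (attempts, key); about 256 attempts are expected on average,
    which is why the real attack succeeds after a few hundred logins."""
    attempts = 0
    while True:
        attempts += 1
        key = derive_key(seed, attempts)
        if zero_credential_accepted(key):
            return attempts, key


def estimate_success_rate(trials: int = 4096, seed: bytes = b"rate") -> float:
    """Fraction of session keys accepting the zero credential (expect ~1/256)."""
    hits = sum(zero_credential_accepted(derive_key(seed, i)) for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    n, key = find_vulnerable_key()
    print(f"zero credential accepted after {n} session keys, key={key.hex()}")
    print(f"empirical rate ~ {estimate_success_rate():.4f}, expected {1/256:.4f}")
```

The patch does not change the cipher mode; it removes the attacker's freedom to pick an all-zero challenge (and closes the related unsigned-RPC and password-reset paths), which is why a zero-IV CFB8 construction survives in the protocol even after the fix.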
Unusually, Zerologon was the subject of an emergency directive from the United States Cybersecurity and Infrastructure Security Agency (Emergency Directive 20-04, issued in September 2020), which ordered federal civilian agencies to patch their domain controllers within days.[6]
Exploitation followed within weeks of the patch. In 2020, Zerologon began to be used in global attacks against automotive, engineering and pharmaceutical organizations,[7] and it was used to compromise the municipal network of Austin, Texas.[4]
References
- "This Week In Security: Too Little Too Late, And Other Stories". Hackaday. 2020-10-23. Retrieved 2021-01-13.
- "What is Zerologon?". Trend Micro. 2020-09-18. Retrieved 2021-01-13.
- "New Windows exploit lets you instantly become admin. Have you patched?". Ars Technica. 2020-09-14. Retrieved 2021-01-13.
- Hvistendahl, Mara; Lee, Micah; Smith, Jordan (2020-12-17). "Russian Hackers Have Been Inside Austin City Network for Months". The Intercept. Archived from the original on 2020-12-17. Retrieved 2020-12-18.
- "CISA orders agencies to quickly patch critical Netlogon bug". CyberScoop. 2020-09-21. Archived from the original on 2020-10-30. Retrieved 2020-12-18.
- "Microsoft: Attackers Exploiting 'ZeroLogon' Windows Flaw". Krebs on Security. Retrieved 2021-01-13.
- Osborne, Charlie (2020-11-18). "Hacking group exploits ZeroLogon in automotive, industrial attack wave". ZDNet. Retrieved 2021-01-13.