Zerologon Vulnerability: What You Need to Know

From securityboulevard.com

Zerologon Malware Complacency

Zerologon made its way into our collective awareness in late September 2020, when it was revealed that hackers were actively targeting the vulnerability. While the complete patch was made available this month, on February 9th, 2021, both Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have encouraged companies to use the available partial patch – but many end-users procrastinated, or did not implement the partial patch at all. The reason for a partial patch? The patch, though rolled out by Microsoft in August 2020, was incomplete because the Zerologon flaw is at the protocol level; when protocols are changed without full awareness, network issues can arise.

Read more…