CVE-2020-1472: ‘Zerologon’ Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

From tenable.com

CVE-2020-1472: Zerologon Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

On September 11, researchers at Secura published a blog post for a critical vulnerability they’ve dubbed “Zerologon.” The blog post contains a whitepaper explaining the full impact and execution of the vulnerability, identified as CVE-2020-1472, which received a CVSSv3 score of 10.0, the maximum score. Zerologon was patched by Microsoft in the August Patch Tuesday round of updates. This disclosure follows a previous Netlogon related vulnerability, CVE-2019-1424, which Secura detailed at the end of last year.

Read more…