Microsoft Domain Controller “ZeroLogon” and RCE Vulnerabilities

From securityboulevard.c

A recent disclosure by Dutch security firm Secura B.V. has highlighted how dangerous a Netlogon vulnerability (CVE-2020-1472), addressed in the August 2020 Patch Tuesday release, can be to a network. An attacker with an established foothold in an internal network could exploit the weak cryptographic algorithm used by Netlogon authentication to impersonate any computer on the network, including the Domain Controller itself, disable security features, and change a computer’s password on the Domain Controller. Threat actors, especially ransomware groups, are expected to use this vulnerability now that it offers a simplified way to pivot from a client-side attack to a full domain compromise. Please ensure that your systems are patched with Microsoft’s August 2020 release to mitigate it.
