Home GDPR Zerologon vulnerability actively exploited, says Microsoft
GDPR - 4 weeks ago

Zerologon vulnerability actively exploited, says Microsoft

Microsoft has observed attacks exploiting the serious security flaw dubbed “Zerologon”, the company’s security intelligence team reported in a tweet yesterday.

The vulnerability, officially called CVE-2020-1472 Netlogon EoP, can allow cyber attackers to get access to an unpatched Windows domain controller, leading to control over the internal network of an organisation. As a critical threat, it can be executed without user interaction.

Underscoring the significance of the risk, last week the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week instructing US federal agencies to apply a patch – issues by Microsoft in August – to all Windows Servers by 21 September.

Microsoft’s tweet said: “Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.”

The post Zerologon vulnerability actively exploited, says Microsoft appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

UK releases details of Russian cyber attacks against Olympics and Paralympics

GRU, Russia’s military intelligence service, hacked officials and organisations involved i…