Windows Server Netlogon Exploit Code Publicly Exposed

    AdminSec

      The Cybersecurity and Infrastructure Security Agency (CISA) affirmed in a Monday announcement that code which could be used to exploit a "Critical"-rated Netlogon vulnerability in newer Windows Server versions is now publicly accessible.

      The vulnerability, known as CVE-2020-1472, could lead to elevation-of-privilege attacks if left unpatched. The Netlogon vulnerability is present in Windows Server 2019 and Windows Server 2016 products. A successful exploit could enable domain administrator privileges for an attacker, CISA's announcement noted.

      Last month, an exploit wasn't publicly known, but it is now, according to Will Dormann, a vulnerability analyst at CERT/CC.

      "Anybody who has not installed the patch from August's [Microsoft's] Patch Tuesday already is going to be in much worse shape than they already were," Dormann indicated in a Twitter post. His analysis can be found in this U.S. CERT article.

      Update 9/15: Information on the vulnerability, dubbed "Zerologon," has been published by Secura, which caused Microsoft to increase its risk score, according to Nick Colyer, a senior product marketing manager at security solutions company Automox.

      "The recent critical information released by Secura on the vulnerability dubbed Zerologon, first addressed by Microsoft's August Patch Tuesday security update, goes to show that even after a patch has been released, the research does not end," Colyer said via e-mail. "In this case, Secura has released data to Microsoft, justifying an increase in CVSS scoring to 10 of CVE-2020-1472."

      Microsoft previously described a two-step approach to dealing with the Netlogon vulnerability. The first step involves installing a security patch that was released last month, which provides initial protection. The next step will be to turn on enforcement of secure Remote Procedure Call (RPC) for Netlogon, which will happen via a Feb. 9, 2021 patch. Organizations will need to have both patches in place. Otherwise, device users could experience access issues.

      IT pros could have trouble locating vulnerable Netlogon clients in their organizations. Last month, Microsoft proposed using its Azure Sentinel cloud-based security information event management (SIEM) solution with its Insecure Protocols Workbook to find those vulnerabilities.
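
      One way to list the clients that would lose access once enforcement is turned on, as an added example that is not from the article or from Microsoft: it tallies the Netlogon events the August update writes to a domain controller's System log. The event IDs 5827 to 5831 are the ones Microsoft documents for this update and do not appear in the article; the function name, the message field it parses and the sample events are assumptions constructed for illustration.

```powershell
# Added example (not from the article). Event IDs are those Microsoft documents
# for the CVE-2020-1472 Netlogon update; the function name is hypothetical.
$NetlogonEventMeaning = @{
    5827 = 'Denied: vulnerable connection, machine account'
    5828 = 'Denied: vulnerable connection, trust account'
    5829 = 'Allowed: vulnerable connection, denied once enforcement is on'
    5830 = 'Allowed by Group Policy exception, machine account'
    5831 = 'Allowed by Group Policy exception, trust account'
}

function Get-VulnerableNetlogonClient {
    param([Parameter(Mandatory)][object[]]$Record)

    $Record |
        Where-Object { $NetlogonEventMeaning.ContainsKey([int]$_.Id) } |
        ForEach-Object {
            # Assumption: machine-account events name the client after
            # "Machine SamAccountName:"; anything else is left for manual review.
            $account = if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') {
                $Matches[1]
            } else {
                '(trust account or unparsed, review message)'
            }
            [pscustomobject]@{ Account = $account; Id = [int]$_.Id }
        } |
        Group-Object Account, Id |
        ForEach-Object {
            [pscustomobject]@{
                Account = $_.Group[0].Account
                EventId = $_.Group[0].Id
                Count   = $_.Count
                Meaning = $NetlogonEventMeaning[$_.Group[0].Id]
            }
        } |
        Sort-Object Count -Descending
}

# Constructed, abbreviated sample events so the block runs offline.
$sample = @(
    [pscustomobject]@{ Id = 5829; Message = 'Machine SamAccountName: LEGACYAPP01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5829; Message = 'Machine SamAccountName: LEGACYAPP01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5827; Message = 'Machine SamAccountName: NAS02$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5719; Message = 'Unrelated Netlogon event, ignored' }
)
Get-VulnerableNetlogonClient -Record $sample | Format-Table -AutoSize

# On a patched domain controller, feed it the live System log instead:
# Get-VulnerableNetlogonClient -Record (Get-WinEvent -FilterHashtable @{
#     LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5827..5831 })
```

      Accounts that appear under event 5829 are the ones to update or replace before the enforcement patch, since those connections are only being tolerated during the initial phase.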
