HackDig : Dig high-quality web security articles for hackers

CISA Issues Alert for Microsoft Netlogon Vulnerability

2020-09-15 16:45
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning there is publicly available exploit code for CVE-2020-1472, a critical elevation of privilege vulnerability in Microsoft's Netlogon.

Related Content:

6 Lessons IT Security Can Learn From DevOps

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: Think You're Spending Enough on Security?

"Zerologon," as Secura researchers dubbed the bug, has a CVSS score of 10.0. It exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). Microsoft patched the vulnerability as part of its August Patch Tuesday rollout; it's being addressed in a two-part rollout, the company reports.

Since then, researchers have noticed several proofs of concept published to GitHub, "which demonstrates wide interest and experimentation across the security community," Tenable researchers write. In order to exploit this, an attacker would need to launch their attack from a machine on the same local area network as the victim. An unauthenticated attacker would need to use MS-NRPC to connect to a domain controller and gain domain administrator access.

An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network, Microsoft says. In a hypothetical attack, someone could leverage this flaw to spread ransomware throughout a target environment and maintain a presence.

Businesses that apply the available update will fix the problem by enforcing Remote Procedure Call (RPC) in the Netlogon protocol for all Windows devices. Microsoft says users will be notified when the second phase of Windows updates becomes available in the first quarter of 2021. 

For more details, read the CISA advisory and Microsoft's article on managing changes.


Source: enluv-nogolten-tfosorcim-rof-trela-seussi-asic/staerht---seitilibarenluv/moc.gnidaerkrad.www

Read:117 | Comments:0 | Tags: Vulnerability CISA

“CISA Issues Alert for Microsoft Netlogon Vulnerability”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud