Patch Now: Zerologon Vulnerability Being Weaponized
Microsoft has patched the Zerologon vulnerability, an extremely dangerous bug that allows attackers to take over enterprise networks.
Zerologon Vulnerability Lets Attackers Hijack Windows Domain Controller
CVE-2020-1472 was originally released on August 11 and relates to an elevation of privilege bug in the Netlogon Remote Protocol.
We were told this would come as a two-part solution. The first patch was made available in the August Patch Tuesday to address the server-side fix, and a further fix would be released in Q1 of 2021. However, we have discovered that the vulnerability has already been weaponized in a lab, which means the severity of this vulnerability should not be underestimated.
Why Patching Zerologon is Critical
Several elements of Zerologon make it such a high priority. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating, and no countermeasures are available, which means deployment of the patch is essential to alleviate the risk.
Along with the US-CERT partner Cybersecurity & Infrastructure Security Agency, we are recommending this be treated as a zero-day vulnerability.
How to Patch the Zerologon Vulnerability
We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager.
Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.