When Microsoft released its August 2020 cumulative update, it also disclosed a high-risk elevation of privilege (EoP) vulnerability rated at the maximum severity score of 10.0.
A score of 10 means the vulnerability is extremely serious, and that is no exaggeration: an attacker needs only 3 seconds to take control of an affected AD domain.
This high-risk security vulnerability was discovered by Tom Tervoort, a researcher at the security company Secura. The vulnerability is located in the Windows Netlogon remote protocol.
An attacker can use a man-in-the-middle (MITM) attack to obtain AD domain administrator privileges, and then use those privileges to directly control every computer in the AD domain.
This year the researcher discovered an even more serious vulnerability, again in the Netlogon protocol, that allows unauthorized users to take control of the entire domain. In fact, the attacker can completely take over the login credentials and change the domain controller's password.
For an experienced attacker, exploiting this vulnerability takes only 3 seconds, after which they can take over every computer in the affected AD domains of enterprises or institutions.
This vulnerability was eventually named Zerologon (CVE-2020-1472), and Microsoft initially fixed the vulnerability in the August 2020 security update.
But the vulnerability is complicated, and Microsoft needs more time to fix it fully. The company said it will continue to roll out security updates next year to block the vulnerability and reduce its impact.
The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security recently issued a security warning requiring US federal government agencies to install the updates on their servers immediately.
Under normal circumstances, the US Department of Homeland Security does not issue warnings for individual vulnerabilities; it does so only when a vulnerability is so harmful that a public warning is needed to remind organizations to install the updates.
At the same time, CISA also strongly recommends that private companies and the public install the update as soon as possible. If the update cannot be installed in time, the affected domain controllers should be disabled.
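Installing the update is only the first step: the August 2020 fix initially runs in a non-enforcing mode, so a patched domain controller still accepts some insecure Netlogon connections and merely logs them. The following PowerShell script is an added example for administrators following the warning above; it is not code from the article, from Secura or from Microsoft. It goes beyond the article's text by reading the Netlogon event IDs 5827 to 5831 and the FullSecureChannelProtection registry value that Microsoft documented in its guidance for CVE-2020-1472 (those identifiers are not in the article), and it assumes the event's first replacement string carries the account name. The $Days parameter is a hypothetical name chosen here.

```powershell
# Added example (not from the article): run elevated on a domain controller
# that has the August 2020 (or later) update installed. It lists which
# accounts are still making vulnerable Netlogon secure channel connections
# and reports whether enforcement mode is on. Event IDs 5827-5831 and the
# FullSecureChannelProtection value come from Microsoft's CVE-2020-1472
# guidance, not from the article. $Days is a hypothetical parameter name.
param(
    [int]$Days = 7   # how far back to search the System log
)

# Events written by the Netlogon service after the update:
#   5827/5828 = vulnerable connection DENIED (machine / trust account)
#   5829      = vulnerable connection ALLOWED (pre-enforcement phase)
#   5830/5831 = vulnerable connection ALLOWED by group-policy exception
$netlogonEvents = @{
    5827 = 'Denied (machine account)'
    5828 = 'Denied (trust account)'
    5829 = 'Allowed (pre-enforcement)'
    5830 = 'Allowed (GPO exception, machine)'
    5831 = 'Allowed (GPO exception, trust)'
}

$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = [int[]]$netlogonEvents.Keys
    StartTime    = (Get-Date).AddDays(-$Days)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No Netlogon vulnerable-connection events in the last $Days days."
} else {
    # Summarise per event ID and per source account. The account name is the
    # first replacement string in these events (assumption based on the
    # documented message format; adjust the index if your build differs).
    $events |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Outcome = $netlogonEvents[$_.Id]
                Account = $_.Properties[0].Value
            }
        } |
        Group-Object Id, Account |
        Sort-Object Count -Descending |
        Format-Table @{ n = 'EventId'; e = { $_.Group[0].Id } },
                     @{ n = 'Outcome'; e = { $_.Group[0].Outcome } },
                     @{ n = 'Account'; e = { $_.Group[0].Account } },
                     Count -AutoSize
}

# Enforcement mode: a value of 1 makes the DC refuse every vulnerable
# Netlogon connection, which is the state the later enforcement-phase
# update the article mentions turns on by default.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$mode = (Get-ItemProperty -Path $regPath -Name FullSecureChannelProtection `
            -ErrorAction SilentlyContinue).FullSecureChannelProtection
if ($mode -eq 1) {
    Write-Host 'FullSecureChannelProtection = 1: enforcement mode is on.'
} else {
    Write-Host 'FullSecureChannelProtection is not 1: vulnerable connections may still be allowed (check events above).'
}
```

Any account that shows up under the "Allowed" outcomes is a device or trust that would break once enforcement is on, so it needs to be updated or replaced before the enforcement-phase update lands; accounts under "Denied" are already being blocked. Running this on every domain controller, rather than only one, matters because each DC logs only the connections it served.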
The post Homeland Security issues Zerologon security vulnerability warning appeared first on InfoTech News.