The NSA issued an urgent warning about a critical vulnerability appearing in Windows servers
The US government is facing a huge problem related to server security. The US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive calling for government agencies to install patches for a 'critical' Windows Server security vulnerability called Zerologon.
Zerologon is a vulnerability in the cryptographic authentication scheme used by the Netlogon Remote Protocol. If abused, it can pave the way for an attacker to impersonate any computer, including the Domain Controller itself, and then gain access to Active Directory services on the network without having to log in, as well as make remote procedure calls.
More specifically, by forging an authentication token for a particular Netlogon function, an attacker can call a function that sets the Domain Controller's password to a known value. They can then use this new password to gain control of the Domain Controller and steal the domain administrator's credentials.
CISA is currently warning of serious consequences, the availability of 'in the wild' exploits, and the sheer popularity of vulnerable Windows servers acting as Domain Controllers. Basically, Zerologon affects systems running Windows Server 2008 R2 or higher, including recent systems using Windows 10 based Server editions.
CISA has issued Emergency Directive 20-04, instructing federal civil authorities to apply Microsoft's August 2020 security update for Windows Server (CVE-2020-1472) to all Domain Controllers. Patch installation must be done in September.
Although the CISA warning is issued to US government agencies, it is essentially the same warning for private companies that depend on Windows servers and Active Directory.
If an intruder successfully exploits this vulnerability, they will effectively control the network, allowing them to spread malware, steal data or cause other serious problems. Many companies have suffered huge damage from malware this year, and that trend may continue if they fail to protect themselves against risks like Zerologon in time.
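For defenders, the Domain Controller password reset described above is commonly hunted for in Security event 4742 (a computer account was changed): the target is the DC's own machine account, the subject is ANONYMOUS LOGON, and the password-last-set attribute has changed. The Python sketch below is an added example, not part of the original article; it applies that triage heuristic to constructed sample events. The field names follow event 4742, while the host names and the `find_suspect_dc_resets` helper are hypothetical.

```python
# Added example: flag event 4742 records matching the Zerologon reset pattern.
# A hit is a lead for investigation, not proof of compromise.
ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON


def password_was_changed(event):
    # Event 4742 logs attributes that did not change as "-".
    return event.get("PasswordLastSet", "-") != "-"


def find_suspect_dc_resets(events, dc_accounts):
    """Return 4742 events where an anonymous session reset a DC machine password."""
    dcs = {name.lower() for name in dc_accounts}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4742:
            continue  # only "computer account was changed" events
        if ev.get("TargetUserName", "").lower() not in dcs:
            continue  # only the Domain Controllers' own machine accounts
        if ev.get("SubjectUserSid") != ANONYMOUS_SID:
            continue  # change was made by an identified account
        if password_was_changed(ev):
            hits.append(ev)
    return hits


# Constructed sample data (hypothetical hosts), not taken from a real log.
SAMPLE_EVENTS = [
    {"EventID": 4742, "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-7",
     "PasswordLastSet": "9/24/2020 10:15:02 AM"},   # matches the pattern
    {"EventID": 4742, "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-18",
     "PasswordLastSet": "9/01/2020 03:00:10 AM"},   # changed by SYSTEM
    {"EventID": 4742, "TargetUserName": "WKSTN07$", "SubjectUserSid": "S-1-5-7",
     "PasswordLastSet": "9/24/2020 10:16:40 AM"},   # not a Domain Controller
    {"EventID": 4742, "TargetUserName": "DC02$", "SubjectUserSid": "S-1-5-7",
     "PasswordLastSet": "-"},                       # password not changed
    {"EventID": 4624, "TargetUserName": "DC01$", "SubjectUserSid": "S-1-5-7"},
]

if __name__ == "__main__":
    for hit in find_suspect_dc_resets(SAMPLE_EVENTS, ["DC01$", "DC02$"]):
        print("Review:", hit["TargetUserName"], hit["PasswordLastSet"])
```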