CISA issued an urgent warning about a critical vulnerability in Windows servers
The US government is facing a serious server-security problem. The Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security, has issued an emergency directive ordering federal agencies to install patches for a 'critical' Windows Server vulnerability. The vulnerability is called Zerologon.
Zerologon (CVE-2020-1472) is a flaw in the cryptographic authentication scheme of the Netlogon Remote Protocol (MS-NRPC). The protocol encrypts the client's 8-byte challenge with AES-CFB8 using a fixed, all-zero initialisation vector, so for roughly one session key in 256 an all-zero challenge produces an all-zero credential that an attacker can simply guess. By retrying the handshake (about 256 attempts on average, which takes a few seconds), an attacker with network access to a Domain Controller can impersonate any computer, including the Domain Controller itself, and issue authenticated Netlogon remote procedure calls against Active Directory without knowing any password.
More specifically, once the authentication credential has been forged, the attacker can call the NetrServerPasswordSet2 function, which sets the Domain Controller's machine-account password in Active Directory to a value the attacker chooses (the published exploits set it to an empty password). With that machine-account password the attacker can authenticate as the Domain Controller, use directory replication (DCSync) to extract the domain administrator's password hashes, and take over the domain. One caveat practitioners should know: the real DC still holds its old password locally, so the machine account and the host fall out of sync after the attack, and the attacker must restore the original password afterwards or the DC's own replication and authentication start to fail, which is also a tell-tale sign for defenders.
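The cryptographic flaw described above, as an added example (this is not code from the article, from Microsoft, or from the researchers who found the bug): a Python model of Netlogon's ComputeNetlogonCredential step. It uses real AES-128 when the third-party `cryptography` package is installed and otherwise a clearly labelled SHA-256 stand-in for the block cipher; the CFB8 construction and the all-zero IV are the real ones, while the key-search helpers and the per-handshake session-key derivation in the simulation are assumptions made only to keep the demonstration reproducible. It also goes one step beyond the text by counting how many keys are 'weak', which is where the one-in-256 figure comes from.

```python
"""
Why Zerologon works: AES-CFB8 with a fixed all-zero IV (added illustration).

Netlogon's ComputeNetlogonCredential encrypts the 8-byte challenge with
AES-CFB8 under the session key, always using an IV of sixteen zero bytes.
If the first byte of AES_k(0^16) is 0x00 (about one key in 256), an all-zero
challenge encrypts to an all-zero credential, so a client that sends a zero
challenge and a zero credential and simply retries is accepted after ~256
handshakes on average.
"""
import hashlib

BLOCK = 16  # AES block size in bytes

try:
    # Real AES-128 when the third-party `cryptography` package is available.
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def encrypt_block(key: bytes, block: bytes) -> bytes:
        enc = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend()).encryptor()
        return enc.update(block) + enc.finalize()

    CIPHER_NAME = "AES-128"
except ImportError:
    # Assumption for a stdlib-only run: a keyed, random-looking block function
    # stands in for AES. It is NOT AES, but the CFB8/zero-IV argument only needs
    # a keyed pseudorandom block function, so the behaviour shown is the same.
    def encrypt_block(key: bytes, block: bytes) -> bytes:
        return hashlib.sha256(key + block).digest()[:BLOCK]

    CIPHER_NAME = "SHA-256 stand-in (cryptography package not installed)"


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB mode with an 8-bit feedback width: one block encryption per byte;
    each ciphertext byte is shifted into a 16-byte register seeded with the IV."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block")
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = encrypt_block(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes,
                                iv: bytes = bytes(BLOCK)) -> bytes:
    """The AES variant of ComputeNetlogonCredential: CFB8 over the 8-byte
    challenge with a FIXED all-zero IV (the root cause of CVE-2020-1472)."""
    if len(challenge) != 8:
        raise ValueError("Netlogon challenges are 8 bytes")
    return cfb8_encrypt(session_key, iv, challenge)


def is_weak_key(session_key: bytes) -> bool:
    """Zerologon 'weak' key: E_k(0^16) starts with 0x00. With a zero IV and a
    zero challenge the shift register then never leaves the all-zero state."""
    return encrypt_block(session_key, bytes(BLOCK))[0] == 0


def find_key(weak: bool, limit: int = 1 << 16) -> bytes:
    """Deterministic search over small integer keys (assumption: used only to
    produce a reproducible example key, not part of the protocol)."""
    for i in range(limit):
        key = i.to_bytes(BLOCK, "big")
        if is_weak_key(key) == weak:
            return key
    raise RuntimeError("no suitable key found")


def weak_key_count(sample: int = 8192) -> int:
    """How many of the first `sample` integer keys are weak; expect ~sample/256."""
    return sum(is_weak_key(i.to_bytes(BLOCK, "big")) for i in range(sample))


def simulate_zerologon_attempts(max_attempts: int = 4000) -> int:
    """Model of the attack loop: the client sends ClientChallenge = 0^8 and
    ClientCredential = 0^8 on every handshake; the DC derives a fresh session
    key each time (modelled here as SHA-256 of the attempt counter, an
    assumption) and accepts when its own credential computation matches.
    Returns the attempt on which the forged credential is accepted, or -1."""
    zero = bytes(8)
    for attempt in range(1, max_attempts + 1):
        session_key = hashlib.sha256(b"session-key" + attempt.to_bytes(4, "big")).digest()[:BLOCK]
        if compute_netlogon_credential(session_key, zero) == zero:
            return attempt
    return -1


if __name__ == "__main__":
    weak = find_key(weak=True)
    print(f"block cipher: {CIPHER_NAME}")
    print(f"weak session key {weak.hex()} -> credential for zero challenge:",
          compute_netlogon_credential(weak, bytes(8)).hex())
    print(f"weak keys among the first 8192: {weak_key_count()} (expected about 32)")
    print("handshakes until the forged zero credential is accepted:",
          simulate_zerologon_attempts())
```

The point to take away is that the weakness is not in AES but in how CFB8 is used: with a non-zero, unpredictable IV the first keystream byte would depend on the IV and a zero challenge would no longer map to a zero credential for any predictable fraction of keys. Passing a random `iv=` to `compute_netlogon_credential` shows the trick stops working.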
CISA points to the severity of the consequences, the public availability of 'in the wild' exploit code, and the sheer number of vulnerable Windows servers acting as Domain Controllers. Zerologon affects every supported Windows Server release from Windows Server 2008 R2 onward, including Windows Server 2012, 2012 R2, 2016 and 2019 and the semi-annual-channel Server Core releases (versions 1903, 1909 and 2004). Samba-based domain controllers that do not enforce 'server schannel = yes' (the default since Samba 4.8) were affected as well.
CISA's Emergency Directive 20-04 instructs Federal Civilian Executive Branch agencies to apply Microsoft's August 2020 security update for CVE-2020-1472 to all Domain Controllers by 21 September 2020. Note that this August update is only the first, 'initial deployment' phase of Microsoft's two-part fix: it enforces secure RPC for Windows machine accounts, trust accounts and Domain Controllers and logs remaining vulnerable connections (Netlogon event IDs 5827 to 5831 in the System log), but still allows vulnerable connections from non-Windows devices unless the FullSecureChannelProtection registry value under HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters is set to 1. The 'enforcement' phase, scheduled for February 2021, makes secure RPC mandatory for all clients.
Although the directive is binding only on US federal agencies, the same advice applies to any organisation that depends on Windows servers and Active Directory.
An intruder who successfully exploits this vulnerability gains effective control of the whole domain, and with it the ability to spread malware, steal data or cause serious disruption. Many companies have already suffered heavy damage from malware this year, and that trend will continue if they fail to protect themselves against risks like Zerologon in time.