CVE-2020-1472, also known as “Zerologon,” is a security vulnerability that has made headlines this past week, and we want to make sure our clients are aware of it and protected.
Why does Zerologon pose such a security risk?
- It gives attackers complete domain admin privileges
- An attack can be completed without any authentication or credentials
- Requires only tricking one employee into clicking on a malicious link or basic access to the company network
- Public exploit code is readily available
So what happens if an attacker exploits this bug? Through a flaw in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), simply by sending a series of Netlogon messages with input fields filled with zeros, they are able to take over the domain controller and every Active Directory service it provides, ultimately compromising the entire Windows domain. What is worse is that the bug can be exploited from any machine on the local network, with no authentication, which is particularly concerning because escalating privileges to this level would normally take an attacker a long time.
Fortunately, a patch for the vulnerability was released in Microsoft's August 2020 Patch Tuesday update. Microsoft has advised all Windows administrators to install the necessary security updates.
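Installing the update is only the first step: the August 2020 fix also makes domain controllers log any remaining vulnerable Netlogon connections, so you can see which clients still need attention. The script below is an added example, not part of the Compudyne notice or the EDGE agent. It assumes it is run with rights to read the System log of a patched domain controller; the event IDs are the ones Microsoft documents for this fix, and the first event property holding the client account name is an assumption.

```powershell
# Added example (not Compudyne code). Lists Netlogon events that a patched
# domain controller writes when it sees a vulnerable Netlogon secure channel.
# Assumes: the August 2020 update is installed on the DC being queried and
# you can read its System log. Event IDs are from Microsoft's guidance:
#   5827/5828 = vulnerable connection DENIED (machine / trust account)
#   5829      = vulnerable connection still ALLOWED (client needs fixing)
#   5830/5831 = allowed only because of an explicit policy exception
$dc   = $env:COMPUTERNAME      # replace with a DC name, e.g. 'DC01' (placeholder)
$days = 7

$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5827, 5828, 5829, 5830, 5831
    StartTime    = (Get-Date).AddDays(-$days)
}

# -ErrorAction SilentlyContinue: Get-WinEvent reports "no events found" as an error.
$events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No vulnerable Netlogon events on $dc in the last $days days."
    Write-Output "(If the update is not installed, nothing is logged, so confirm patch status first.)"
    return
}

$events |
    Select-Object TimeCreated, Id,
        @{ n = 'Meaning'; e = {
            switch ($_.Id) {
                5827 { 'Denied: vulnerable machine account connection' }
                5828 { 'Denied: vulnerable trust account connection' }
                5829 { 'ALLOWED: vulnerable connection - fix this client' }
                5830 { 'Allowed by policy exception (machine account)' }
                5831 { 'Allowed by policy exception (trust account)' }
            } } },
        # Assumption: the first event property is the client account name.
        @{ n = 'Client'; e = { $_.Properties[0].Value } } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

Any 5829 entries identify machines that are still negotiating Netlogon insecurely and should be updated before enforcement mode is turned on.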
Compudyne EDGE Clients
To ensure our EDGE clients are protected from this vulnerability, we have already released the necessary patches through our EDGE agents, for all supported platforms, to every EDGE Pro and EDGE Assist client. Our EDGE agents automatically collect patch compliance statistics, which are visible in the Compudyne client portal.
Please note that if your organization is currently running Windows Server 2008 R2, it has not been and will not be patched for this vulnerability. Left unpatched, this vulnerability poses a significant security risk to your organization, and we recommend upgrading as soon as possible.
As always, we are happy to work with you to help ensure your organization is protected from vulnerabilities like this one.