Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done so.

Background

On February 9, as part of its February 2021 Patch Tuesday release, Microsoft released an additional patch for Zerologon to enable a security setting by default to protect vulnerable systems.
CVE-2020-1472, also known as Zerologon, is a critical elevation of privilege vulnerability in Microsoft's Netlogon Remote Protocol. It was initially patched in Microsoft's August 2020 Patch Tuesday. The vulnerability received a CVSSv3 score of 10.0, the maximum possible score, and a Vulnerability Priority Rating (VPR) score of 10, underscoring its severity.
This move will block vulnerable connections from noncompliant devices, according to a Microsoft Security and Response Center blog post. DC enforcement mode requires both Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with a Netlogon secure channel, unless a business has allowed an account to be exposed by adding an exception for a noncompliant device.
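An added example, not from the original article or from Microsoft: a PowerShell triage of the Netlogon events a patched domain controller logs when enforcement mode denies a connection or an exception allows one. The event IDs 5827 to 5831 come from Microsoft's deployment guidance for CVE-2020-1472 rather than from this page; the helper name, sample records and account names are constructed.

```powershell
# Netlogon event IDs logged in the System log of patched domain controllers
# (from Microsoft's CVE-2020-1472 deployment guidance, not from this page).
$NetlogonFindings = @{
    5827 = @{ Result = 'Denied';  Action = 'Update or replace the device (machine account)' }
    5828 = @{ Result = 'Denied';  Action = 'Update the trusting domain (trust account)' }
    5829 = @{ Result = 'Allowed'; Action = 'Pre-enforcement only: fix before enforcement blocks it' }
    5830 = @{ Result = 'Allowed'; Action = 'Policy exception in place: machine account stays exposed' }
    5831 = @{ Result = 'Allowed'; Action = 'Policy exception in place: trust account stays exposed' }
}

function Get-NetlogonChannelFinding {
    # Hypothetical helper: accepts Get-WinEvent output or any object with
    # Id, TimeCreated and Message properties.
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        $info = $NetlogonFindings[[int]$Record.Id]
        if ($null -eq $info) { return }   # not a secure-channel event
        [pscustomobject]@{
            Time    = $Record.TimeCreated
            Id      = [int]$Record.Id
            Result  = $info.Result
            Action  = $info.Action
            Message = $Record.Message
        }
    }
}

# Constructed sample records; the message text is a placeholder, not real log output.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2021-02-10T08:15:00'; Id = 5827; Message = 'constructed: LEGACY-NAS$' }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-02-10T08:16:30'; Id = 5827; Message = 'constructed: LEGACY-NAS$' }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-02-10T09:02:11'; Id = 5830; Message = 'constructed: OLD-PRINTER$' }
    [pscustomobject]@{ TimeCreated = [datetime]'2021-02-10T09:05:00'; Id = 7036; Message = 'constructed: unrelated service event' }
)

$findings = $sample | Get-NetlogonChannelFinding
# Denied connections are devices to remediate; allowed-by-exception ones are residual risk.
$findings | Group-Object Result, Id | Select-Object Count, Name | Format-Table -AutoSize
$findings | Where-Object Id -in 5830, 5831 | Select-Object Time, Action, Message

# On a domain controller, feed real events instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 } | Get-NetlogonChannelFinding
```

Events 5830 and 5831 are the ones to review regularly, since each marks an account that the exception policy leaves outside enforcement.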
CVE-2020-1472 is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could enable an unauthenticated attacker to use MS-NRPC to connect to a domain controller and gain full admin access.
Since it was fixed in August, the Zerologon bug has been seen in active campaigns from Iranian threat group Mercury. The DHS's Cybersecurity and Infrastructure Security Agency (CISA) later issued an emergency directive for the flaw, requiring federal agencies to patch immediately.