
Zerologon Bug Rates a 10 (out of 10)

The Zerologon bug is an authentication bypass bug (i.e., I don’t need no stinkin’ password) affecting Windows domain controllers.

While Microsoft patched the bug (designated CVE-2020-1472) last month, businesses tend to be more cautious about patching servers and especially about patching domain controllers, so many have not applied this patch.

Hackers are counting on this.

Unfortunately, a Dutch security firm has published a description of the bug, which helps all hackers understand it better. Among other features of the bug, it allows the hacker to impersonate any user or computer on the network and even change that resource’s password.

In a word, OUCH!

First the good news. The attack does not work remotely: the attacker has to be on the internal network.

Now the bad news. If the hacker can install malware on any computer, anywhere on the network, they can take over the network in THREE SECONDS.

Even more bad news. That person on the network does not have to be authenticated. So, for example, if the cleaning people are bribed or conned into letting an attacker into the office at night and the attacker can find a network jack anywhere in the office, it is GAME OVER.

Hence the rating of 10 out of 10.

Just to be clear.

Because this bug rated a 10, Microsoft got out some duct tape and Gorilla glue last month. The real patch won’t be released until next year.

This should not make network admins any happier, because we are always worried about a patch breaking something, and while Gorilla glue is pretty strong, it could glue the wrong things together.

The researchers have released a Python script to help admins figure out whether the Gorilla glue and maybe a couple of 10 penny nails are holding.

PATCH NOW

Credit: ZDNet