Netlogon Elevation of Privilege Vulnerability

The Zerologon flaw is not new, but it can still pose a risk to organisations that have not yet patched it. The name of this elevation of privilege vulnerability comes from a flaw in the logon process, where the initialization vector is set to all zeroes when it should be a random number.

The CVSS v3.0 score for this vulnerability is 10. Proof-of-concept exploits are available, which means it is attractive to hackers and actively used for ransomware attacks. The attack works by exploiting a cryptographic flaw in the Active Directory Netlogon Remote Protocol.

The impact:

This vulnerability allows an attacker to take control of a Domain Controller (DC) by changing the DC's computer password. From there, the malicious actor would compromise the entire Windows estate.

To conduct a successful Zerologon attack, an external attacker must already have a foothold in the company, since the attack targets an internal asset.

The remediation:

Microsoft released a patch for all AD Servers 2008 and above. The next phase of Windows updates will be available in the first quarter of 2021. You may want to consider registering for Microsoft security notifications to be alerted to the next update.
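
One way to prepare patched domain controllers for the next update phase, as an added example that is not Risk Crew's or Microsoft's code: group the Netlogon events the patch writes to the System log (IDs 5827 to 5831) by account, and list the accounts that are still allowed in over a vulnerable secure channel. The sample records, host names and the exact message layout are constructed assumptions.

```python
import re
from collections import defaultdict

# Netlogon event IDs written to a patched domain controller's System log.
STATUS = {
    5827: "denied",              # vulnerable connection refused (machine account)
    5828: "denied",              # vulnerable connection refused (trust account)
    5829: "allowed-vulnerable",  # still allowed until the enforcement phase
    5830: "allowed-by-policy",   # allowed by an explicit policy exception (machine)
    5831: "allowed-by-policy",   # allowed by an explicit policy exception (trust)
}
ACCOUNT = re.compile(r"SamAccountName:\s*(\S+)", re.IGNORECASE)

# Constructed sample records: (domain controller, event ID, message text).
# The message layout is an assumption built around a "Machine SamAccountName:" field.
SAMPLE_EVENTS = [
    ("DC01", 5829, "Allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS01$ Domain: EXAMPLE"),
    ("DC02", 5829, "Allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: nas01$ Domain: EXAMPLE"),
    ("DC01", 5827, "Denied a vulnerable Netlogon secure channel connection. Machine SamAccountName: PRINTER7$ Domain: EXAMPLE"),
    ("DC02", 5830, "Allowed by policy exception. Machine SamAccountName: LEGACYAPP$ Domain: EXAMPLE"),
    ("DC01", 7036, "The Print Spooler service entered the running state."),
    ("DC02", 5829, "Allowed a vulnerable Netlogon secure channel connection. (message truncated)"),
]

def triage(events):
    """Group Netlogon secure channel events by account; skip unrelated event IDs."""
    report = defaultdict(lambda: {"statuses": set(), "dcs": set(), "count": 0})
    for dc, event_id, message in events:
        status = STATUS.get(event_id)
        if status is None:
            continue
        match = ACCOUNT.search(message)
        # Keep events whose account cannot be parsed so they are not silently lost.
        account = match.group(1).upper() if match else "<unparsed>"
        entry = report[account]
        entry["statuses"].add(status)
        entry["dcs"].add(dc)
        entry["count"] += 1
    return dict(report)

def needs_fix_before_enforcement(report):
    """Accounts a DC still lets in over a vulnerable channel (event 5829)."""
    return sorted(a for a, e in report.items() if "allowed-vulnerable" in e["statuses"])

if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    for account in needs_fix_before_enforcement(report):
        print(f"{account}: {report[account]['count']} event(s) on {sorted(report[account]['dcs'])}")
```

Accounts in this list belong to devices that need updating or replacing, and accounts with only policy-exception events remain a standing risk that should be reviewed.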

Source: MSRC

Risk Crew