The Zerologon flaw is not new, but it still poses a risk to organisations that have not yet patched it. This elevation of privilege vulnerability takes its name from a flaw in the logon process, where the initialization vector (IV) is set to all zeroes when it should be a random number.
The CVSS v3.0 score for this vulnerability is 10. Proof-of-concept exploits exist, which makes it attractive to hackers, and it is actively used in ransomware attacks. The vulnerability works by exploiting a cryptographic flaw in the Active Directory Netlogon Remote Protocol.
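Why the all-zero IV matters, as an added example that is not part of the original article: Netlogon's AES encryption runs in CFB8 mode, and with a fixed zero IV an all-zero input encrypts to an all-zero output for about 1 in 256 keys, whereas a random IV makes that outcome negligible. To run on the standard library alone, the sketch assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for the AES block operation; all function names are illustrative.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES block encryption (assumption, see lead-in)."""
    return hmac.digest(key, block, hashlib.sha256)[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: encrypt the 16-byte register, XOR its first output byte with one
    plaintext byte, then shift the resulting ciphertext byte into the register."""
    register, out = iv, bytearray()
    for p in plaintext:
        c = block_encrypt(key, register)[0] ^ p
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def zero_output_rate(trials: int, random_iv: bool) -> float:
    """Fraction of random keys for which 8 zero bytes encrypt to 8 zero bytes."""
    zeros, hits = bytes(8), 0
    for _ in range(trials):
        key = os.urandom(16)  # constructed sample key, fresh per trial
        iv = os.urandom(BLOCK) if random_iv else bytes(BLOCK)
        if cfb8_encrypt(key, iv, zeros) == zeros:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    n = 20000
    # Zero IV: the register never changes once the first output byte is 0,
    # so roughly 1 key in 256 maps all-zero input to all-zero output.
    print(f"zero IV:   {zero_output_rate(n, False):.4f}  (1/256 = {1 / 256:.4f})")
    # Random IV: every byte must independently come out 0, about 2^-64 overall.
    print(f"random IV: {zero_output_rate(n, True):.4f}")
```

The ciphertext for a "weak" key is predictable without knowing the key at all, which is why the protocol needed a random IV rather than a constant one.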
The impact is that this vulnerability allows an attacker to take control of a Domain Controller (DC) by changing the DC's computer password. From there, the malicious actor could compromise the entire Windows estate.
To conduct a successful Zerologon attack, an external attacker must already have a foothold in the company, since the attack targets an internal asset.
Microsoft released a patch for all AD Servers 2008 and above. The next phase of Windows updates will be available in the first quarter of 2021. You may want to consider registering for Microsoft security notifications to be alerted to the next update.
Source: MSRC