CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning there is publicly available exploit code for CVE-2020-1472, a critical elevation of privilege vulnerability in Microsoft's Netlogon.
"Zerologon," as Secura researchers dubbed the bug, has a CVSS score of 10.0. It exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). Microsoft patched the vulnerability as part of its August Patch Tuesday rollout; it's being addressed in a two-part rollout, the company reports.
Since then, researchers have noticed several proofs of concept published to GitHub, "which demonstrates wide interest and experimentation across the security community," Tenable researchers write. In order to exploit this, an attacker would need to launch their attack from a machine on the same local area network as the victim. An unauthenticated attacker would need to use MS-NRPC to connect to a domain controller and gain domain administrator access.
An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network, Microsoft says. In a hypothetical attack, someone could leverage this flaw to spread ransomware throughout a target environment and maintain a presence.
Businesses that apply the available update will fix the problem by enforcing Remote Procedure Call (RPC) in the Netlogon protocol for all Windows devices. Microsoft says users will be notified when the second phase of Windows updates becomes available in the first quarter of 2021.
For more details, read the CISA advisory and Microsoft's article on managing changes.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024