Now the specialists of the Dutch company Secura BV, who initially discovered the bug, have published a report with a detailed description of it, and it has become clear that the Zerologon problem deserved such an assessment. There is no PoC exploit attached to the experts' report, but the attached Python script can be used to check the correctness of the domain controller configuration.
In fact, the Zerologon vulnerability relies on a weak cryptographic algorithm used in the Netlogon authentication process. The problem was named Zerologon, as the attack is carried out by adding zeros to certain Netlogon authentication parameters, as seen in the illustration above. As a result, the bug allows an attacker to manipulate authentication, namely:
The researchers emphasize that such an attack can take a maximum of three seconds. In addition, the attack has practically no restrictions: for example, an attacker can impersonate a domain controller and change the password, which will allow them to take over the entire corporate network.
Fortunately, Zerologon cannot be used remotely, which means that an attacker must first somehow penetrate the company’s network and gain a foothold there. However, if this happens, Zerologon carries a huge risk. For example, such a bug can be very useful for ransomware operators, who often start an attack by infecting just one computer in a company’s network and then try to spread their influence over the entire network.
“This attack has a huge impact,” write the experts at Secura BV. “In essence, it allows any attacker on the local network (for example, an insider or person that connected a device to a local network port) to completely compromise a Windows domain.”
Patching Zerologon has proven to be a daunting task for Microsoft: the company's engineers had to change the way billions of devices connect to corporate networks. As a result, the process of fixing the bug was divided into two stages. The first stage was completed in August 2020, when Microsoft released an interim fix. This temporary patch made the Netlogon security mechanisms (which Zerologon disabled) mandatory for all authentication operations, effectively preventing attacks.
The release of a more complete patch for Zerologon is scheduled for February 2021, in case attackers still find a way to bypass the August fixes. Unfortunately, Microsoft expects that the second patch will inevitably cause authentication problems on some devices.
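Because the second stage is expected to break authentication for some devices, administrators can inventory those devices in advance from the Netlogon events that patched domain controllers write to the System log. The script below is an added example, not code from Secura or Microsoft: the event IDs come from Microsoft's deployment guidance (KB4557222) rather than from this article, while the CSV column layout, the sample records and the function names are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# System-log event IDs written by the Netlogon service on patched domain
# controllers (Microsoft KB4557222).
DENIED = {5827, 5828}   # vulnerable connection refused
ALLOWED = {5829}        # vulnerable connection still accepted (interim stage)
EXEMPT = {5830, 5831}   # vulnerable connection accepted via a policy exception

# Constructed sample export; the column layout is an assumption.
SAMPLE_EXPORT = """TimeCreated,Id,DomainController,Account
2020-09-16T08:01:12,5829,DC01,NAS-ARCHIVE$
2020-09-16T08:03:40,5829,DC02,nas-archive$
2020-09-16T09:15:02,5830,DC01,PRINTSRV-OLD$
2020-09-16T09:20:55,5827,DC02,LAB-PC07$
2020-09-16T09:21:30,4624,DC02,ALICE
2020-09-16T09:30:00,n/a,DC01,BROKEN-ROW$
2020-09-17T07:45:10,5829,DC01,NAS-ARCHIVE$
"""

def classify(ids):
    """Most urgent status wins when an account produced several event types."""
    if ids & DENIED:
        return "denied-investigate"        # legacy device or an attack attempt
    if ids & ALLOWED:
        return "will-fail-at-enforcement"  # fix or exempt before the second stage
    return "policy-exception"              # explicitly allowed; review regularly

def readiness_report(csv_text):
    """Return {account: {status, events, last_seen, dcs}} for Netlogon events."""
    seen = defaultdict(lambda: {"ids": Counter(), "last_seen": "", "dcs": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            event_id = int(row["Id"])
            account = row["Account"].strip().upper()  # names are case-insensitive
        except (KeyError, TypeError, ValueError, AttributeError):
            continue  # malformed row: skip it instead of aborting the report
        if event_id not in DENIED | ALLOWED | EXEMPT:
            continue  # unrelated event
        entry = seen[account]
        entry["ids"][event_id] += 1
        # ISO 8601 timestamps compare correctly as plain strings.
        entry["last_seen"] = max(entry["last_seen"], row["TimeCreated"])
        entry["dcs"].add(row["DomainController"])
    return {a: {"status": classify(set(e["ids"])), "events": sum(e["ids"].values()),
                "last_seen": e["last_seen"], "dcs": sorted(e["dcs"])}
            for a, e in seen.items()}

if __name__ == "__main__":
    for acct, info in sorted(readiness_report(SAMPLE_EXPORT).items()):
        print(f"{acct:14} {info['status']:25} n={info['events']} last={info['last_seen']}")
```

Accounts reported as `will-fail-at-enforcement` are the ones to update or replace before the second stage takes effect.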
Let me remind you that in September, Microsoft's Patch Tuesday addressed 129 vulnerabilities, including more than 20 critical ones, and a month earlier Microsoft patched two 0-day vulnerabilities that were under attack.