• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Urgently Patch the Zerologon Windows Vulnerability

You are here: Home / Security News / Urgently Patch the Zerologon Windows Vulnerability

Since the patch was released in August for Zerologon (CVE-2020-1472), technical details have been made public that allow hackers to use public exploits to attack. Microsoft has detected Zerologon vulnerability being actively exploited on live systems. Zerologon patch

Technically speaking, Zerologon is an authentication bypass in Netlogon Remote Protocol (MS-NRPC) that WIndows uses to authenticate entities in a domain-based environment. Essentially, an internal part of Windows machines authenticating to each other. One of the features of MS-NRPC is that it permits authenticated computers to change their password.

The Zerologon allows a malicious actor to impersonate any computer in the Windows network environment, including the password of the domain controller, and change the domain password.  The result is that the attacker gains administrative rights to the Windows domain controller, and takes over the network.

While Zerologon was initially rated ‘Critical’ by Microsoft, the risk posed was later rated as ‘Unlikely’. This vulnerability does not allow an attacker to break into a Windows network, but is an excellent second phase attack to allow lateral movement.

A detailed technical breakdown of the attack is available here.

Th Zerologon patch is a phased release, as the fix affects low-level components and is expected to complete in Q1 2021. It is presently available for supported versions of Windows Server. A company called 0patch has reverse engineered Microsoft’s patch, and developed a version that can be applied to Windows Server 2008 R2 without Extended Security Updates for their paying customers.

Agilient recommends organisations subscribe to threat intelligence services such as Agilient’s partner, Looking Glass Scout Prime, to get notice of similar threats to business continuity. Contact Agilient to discuss your organisation’s cybersecurity.

Author: David Steele, Agilient Consultant

Tweet
Share

Security News Agilient,  cybersecurity,  Looking Glass Scout Prime,  Microsoft,  online security,  patching,  vulnerability,  Windows patch,  Zerologon

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692