CISA: Hackers Exploiting Unpatched Microsoft NetLogon Vulnerability
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency has urged all organizations to apply the partial patch and to implement mitigation methods for a vulnerability found in Microsoft Netlogon domain controller, as hackers are actively exploiting the flaw.
The elevation of privilege flaw CVE-2020-1472, dubbed “Zerologon,” occurs if a hacker is able to establish a secure connection to a domain controller through the vulnerable Netlogon Remote Protocol (MS-NRPC), an RPC interface exclusively used by domain-connected devices.
The MS-NRPC employs and authentication method and another technique to establish a Netlogon secure channel. Hackers can exploit...