Active exploitation of the critical Zerologon vulnerability has begun
Information security now!
Microsoft rolled out a patch to fix the extremely critical Zerologon vulnerability (CVE-2020-1472) as part of its security updates in August. A month later, the method used to exploit the vulnerability was made public, and a number of attack tools have been published as a result. The first exploitation attempts against the vulnerability have now been detected, and an increase in the number of attacks is considered likely.
- Cynet: Zerologon Vulnerability: Analysis and Detection Tools
- Microsoft: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472
- The Register: As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
- In Finnish: Kyberturvallisuuskeskus: Hyökkäystyökaluja julkaistu kriittiselle Zerologon-haavoittuvuudelle