Zerologon

Zerologon (aka CVE-2020-1472) is a critical vulnerability in Microsoft authentication protocol Netlogon, as implemented in some versions of Microsoft Windows and Samba.^[1]

Severity

Zerologon is rated 10 under the Common Vulnerability Scoring System.^[2]^[3] It allows attackers to access all valid usernames and passwords in each Microsoft network that they breached.^[4]^[5] This in turn allows them to access additional credentials necessary to assume the privileges of any legitimate user of the network, which in turn can let them compromise Microsoft Office 365 email accounts.^[4]^[5]

Unusually, Zerologon was the subject of an emergency directive from the United States Cybersecurity and Infrastructure Security Agency.^[6]

In 2020, Zerologon started to be used in global attacks against automotive, engineering and pharmaceutical organizations.^[7] It was also used to hack the municipal network of Austin, Texas .^[4]

References

↑ "This Week In Security: Too Little Too Late, And Other Stories". 2020-10-23. https://hackaday.com/2020/10/23/this-week-in-security-too-little-too-late-and-other-stories/.
↑ "What is Zerologon?". 2020-09-18. https://www.trendmicro.com/en_us/what-is/zerologon.html.
↑ "New Windows exploit lets you instantly become admin. Have you patched?". 2020-09-14. https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/.
↑ ^4.0 ^4.1 ^4.2 Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". https://theintercept.com/2020/12/17/russia-hack-austin-texas/.
↑ ^5.0 ^5.1 "CISA orders agencies to quickly patch critical Netlogon bug". September 21, 2020. https://www.cyberscoop.com/cisa-netlogon-microsoft-vulnerability-emergency/.
↑ "Microsoft: Attackers Exploiting 'ZeroLogon' Windows Flaw". https://krebsonsecurity.com/2020/09/microsoft-attackers-exploiting-zerologon-windows-flaw/.
↑ Osborne, Charlie (2020-11-18). "Hacking group exploits ZeroLogon in automotive, industrial attack wave". https://www.zdnet.com/index.php/category/10250/4/index.php/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/.

0.00

(0 votes)

[Hackaday_2020-1] "This Week In Security: Too Little Too Late, And Other Stories". 2020-10-23. https://hackaday.com/2020/10/23/this-week-in-security-too-little-too-late-and-other-stories/.

[Trend_Micro_2020-2] "What is Zerologon?". 2020-09-18. https://www.trendmicro.com/en_us/what-is/zerologon.html.

[ars-2020-09-14-3] "New Windows exploit lets you instantly become admin. Have you patched?". 2020-09-14. https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/.

[intercept-2020-12-17-4] 4.0 ^4.1 ^4.2 Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". https://theintercept.com/2020/12/17/russia-hack-austin-texas/.

[cs-2020-09-21-5] 5.0 ^5.1 "CISA orders agencies to quickly patch critical Netlogon bug". September 21, 2020. https://www.cyberscoop.com/cisa-netlogon-microsoft-vulnerability-emergency/.

[Krebs_on_Security-6] "Microsoft: Attackers Exploiting 'ZeroLogon' Windows Flaw". https://krebsonsecurity.com/2020/09/microsoft-attackers-exploiting-zerologon-windows-flaw/.

[Osborne_2020-7] Osborne, Charlie (2020-11-18). "Hacking group exploits ZeroLogon in automotive, industrial attack wave". https://www.zdnet.com/index.php/category/10250/4/index.php/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Anonymous

Search

Zerologon

Namespaces

More

Page actions

Severity

See also

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Zerologon

Severity

See also

References

Navigation

Wiki tools

Page tools

Other projects

Categories