Zerologon vulnerability actively exploited, says Microsoft

Microsoft has observed attacks exploiting the serious security flaw dubbed “Zerologon”, the company’s security intelligence team reported in a tweet yesterday.

The vulnerability, officially designated CVE-2020-1472 Netlogon EoP (elevation of privilege), can allow cyber attackers to gain access to an unpatched Windows domain controller, leading to control over an organisation's internal network. Rated as a critical threat, it can be exploited without user interaction.

Underscoring the significance of the risk, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week instructing US federal agencies to apply a patch – issued by Microsoft in August – to all Windows Servers by 21 September.

Microsoft’s tweet said: “Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.”
