State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Netlogon Vulnerability Exploited in the Wild – PATCH NOW!

NJCCIC Alert

Original Release Date: 9/28/2020

Summary

Microsoft revealed that it is actively tracking threat actors exploiting the Zerologon vulnerability (CVE-2020-1472) in Netlogon, the protocol used by Windows systems to authenticate to a domain controller. The vulnerability could be exploited to manipulate Netlogon authentication procedures to impersonate a system on the network, disable Netlogon authentication security features, and change passwords on a domain controller’s Active Directory, effectively taking over the domain controller and the internal network.

Recommendations

The NJCCIC highly advises administrators apply the patch released in Microsoft’s August Patch Tuesday update as soon as possible after appropriate testing. Please review the previous NJCCIC alert on Zerologon for more information.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.