POC Code Published for Critical Elevation of Privilege Netlogon Vulnerability – Patch Now!

Summary

Proof-of-concept (POC) code was published to exploit an elevation of privilege vulnerability – CVE-2020-1472 – found in Netlogon, the protocol used for authentication against domain controllers. The vulnerability, dubbed Zerologon, received a severity score of 10 and can be exploited to manipulate Netlogon authentication procedures to impersonate a system on the network, disable Netlogon authentication security features, and change passwords on a domain controller’s Active Directory. Threat actors can exploit Zerologon by adding zero characters in certain Netlogon authentication parameters. While the attack does require local network access, it can be conducted in seconds. As the POC code was published, attacks are considered imminent.

Recommendations

The NJCCIC advises applying the temporary fix provided in Microsoft’s August Patch Tuesday updates as soon as possible after appropriate testing and applying the complete patch when it becomes available. Technical details can be found in the Secura blog post.