Microsoft revealed on Wednesday that hackers were actively exploiting a vulnerability in the operating system known as Zerologon. The flaw allowed attackers to access the “ActiveDirectory” network user management tool and have control over server domains.
On Twitter, the company reported: “Microsoft is actively tracking the activity of the threat actor using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, nicknamed Zerologon. We observed attacks where public exploits were incorporated into the attacker’s playbooks ”.
Exploits are a subset of malware. In general, they are malicious programs with executable data or code, capable of taking advantage of system vulnerabilities on a local or remote computer.
To address this vulnerability, Microsoft recommended that users immediately apply the August 2020 security updates, CVE-2020-1472. The CVE prefix is the initial in English for “Common vulnerabilities and exposures”.
“Severely critical” vulnerability
The security breach was first exposed on September 14 by researchers from the Dutch cybersecurity company Secura BV. According to the American website CNET, since then, several versions of the exploit have been published online for free download.
The use of exploits confirmed Secura’s suspicion that the flaw could be exploited even by inexperienced hackers. Microsoft classified the vulnerability as “severely critical,” and the Common Vulnerability Scoring System (CVSS), an organization that assesses security threats in computing systems, assigns a maximum severity score to the failure.
On Monday (21), after the US government agency Cybersecurity and Infrastructure Security Agency (CISA) determined an update of Windows servers to correct the security breach, several consultants have recommended that companies fix the problem.
However, they warn that, before repairs, systems must be taken offline, because if they remain connected, they will remain vulnerable, since attacks can be triggered without the hacker having an internal user credential.