ZeroLogon Bites Back

Sep 29, 2020 12:25:46 PM


Last week we posted a blog article regarding the ZeroLogon exploit, or CVE-2020-1472. At the time there were no documented attacks leveraging the exploit. That's changed.

According to a post on Microsoft's Twitter account, the exploit has already been added to attackers' playbooks.

If you're unfamiliar, CVE-2020-1472 allows an attacker to obtain admin access to unprotected Windows domain controllers. The CVE has a CVSS score of 10 and impacts Server 2009 through Server 2019.

Microsoft did release the first part of a two-pronged solution to the problem in August, with the second part expected in early 2021. If you haven't had a chance to patch your domain controllers, I highly recommend doing so.

If you're worried or concerned that you're vulnerable, cybersecurity research firm Secura has released a free tool on GitHub that will tell you whether your domain controller is vulnerable. It's a simple Python script and should be relatively easy to implement. You can find that here.

Otherwise, you can try to use a tool like OpenVAS to see if you're vulnerable. Ultimately it's good to scan for vulnerabilities from time to time. Vulnerability scanning is a part of a healthy cybersecurity ecosystem.

For any additional information, I recommend checking out Microsoft's information page for CVE-2020-1472.


Written by Carl Keyser

Experienced Marketer & Graphic Designer. Professional skilled in Graphics, Branding & Identity, Typography, Adobe Creative Suite, Google Analytics, Google AdWords and HubSpot Inbound Marketing.