BREACH RADAR

What’s Zerologon? And Why Did It Need Patching?


Hodgson Consulting & Solutions

Zerologon is a bug that was reported to Microsoft after it was used to infiltrate their system. The company caught wind of the infiltration and began patching without a word to the masses. ZDNet reported, “unbeknownst to many, last month Microsoft patched one of the most severe bugs ever reported to the company, an issue that could be abused to easily take over Windows Servers running as domain controllers in enterprise networks.” (zdnet.com, 2020) Microsoft patched the bug during its August 2020 Patch Tuesday. The details of what the patch actually fixed were ambiguous, to say the least.

Microsoft rated this threat with the highest vulnerability rating of 10. “But details were never made public, meaning users and IT administrators never knew how dangerous the issue really was.” (zdnet.com, 2020)

So how does this 10 out of 10 bug work? And what makes it worthy of such a rating? According to reports, the bug “takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process.” (zdnet.com, 2020) In doing so, this bug takes over your domain controller with a host of literal zeros, which is where it got its name!

“This bug allows an attacker to manipulate Netlogon authentication procedures and:

● Impersonate the identity of any computer on a network when trying to authenticate against the domain controller

● Disable security features in the Netlogon authentication process

● Change a computer’s password on the domain controller’s Active Directory (a database of all computers joined to a domain, and their passwords)” (zdnet.com, 2020)

The scariest part of a Zerologon attack is how quickly it can happen and the ongoing aftermath that it creates! “The entire attack is very fast and can last up to three seconds, at most. In addition, there are no limits to how an attacker can use the Zerologon attack.” (zdnet.com, 2020)
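Because the attack works by manipulating the Netlogon secure channel itself, the practical defensive question is whether any machines on the domain are still negotiating the weak channel. After the August 2020 update, the Netlogon service on a domain controller records this in the Windows System log under the NETLOGON source: event IDs 5827 and 5828 mean a vulnerable connection was refused, while 5829, 5830 and 5831 mean one was still allowed. The script below is an added example, not code from the original post or from Hodgson Consulting & Solutions; the event IDs are Microsoft's real ones, but the pipe-delimited export format and the log lines are constructed for the example.

```python
import re
from collections import Counter

# Netlogon event IDs written to the System log (source "NETLOGON") by patched
# domain controllers. These are real Windows event IDs; everything else here
# is constructed for the example.
DENIED = {5827, 5828}                    # vulnerable secure channel connection refused
ALLOWED_VULNERABLE = {5829, 5830, 5831}  # vulnerable connection still permitted

# Constructed export format (an assumption): "<timestamp>|<EventID>|<message>".
SAMPLE_LOG = """\
2020-09-15T10:01:02|5829|The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: WS-FINANCE-01$ Domain: CORP
2020-09-15T10:01:09|5827|The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: WS-FINANCE-01$ Domain: CORP
2020-09-15T10:02:44|7036|The Print Spooler service entered the running state.
2020-09-15T10:05:30|5830|The Netlogon service allowed a vulnerable Netlogon secure channel connection because the machine account is allowed in group policy. Machine SamAccountName: LEGACY-NAS$ Domain: CORP
"""

ACCOUNT_RE = re.compile(r"SamAccountName:\s*(\S+)")


def parse_events(text):
    """Yield (event_id, account) for each Netlogon secure-channel event in the export."""
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines rather than failing the whole run
        _timestamp, event_id, message = parts
        event_id = int(event_id)
        if event_id not in DENIED | ALLOWED_VULNERABLE:
            continue  # unrelated System log noise (e.g. service state changes)
        match = ACCOUNT_RE.search(message)
        account = match.group(1) if match else "<unknown>"
        yield event_id, account


def triage(text):
    """Summarise which accounts were refused and which still use the weak channel."""
    denied = Counter()
    allowed = Counter()
    for event_id, account in parse_events(text):
        (denied if event_id in DENIED else allowed)[account] += 1
    return {
        "denied": dict(denied),
        "allowed_vulnerable": dict(allowed),
        # Accounts still allowed through are the ones to fix or update before
        # the domain controller is switched to enforcement mode.
        "needs_attention": sorted(allowed),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "needs_attention" list is the actionable output: each account on it is a device or trust that still talks to the domain controller over the weak channel and should be patched or investigated, since once enforcement is enabled those connections will simply be refused.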

A Zerologon attack cannot take over your Windows server from outside of your network. That’s good news! Additionally, an attacker has to have a foothold on your network to even start the attack. That’s where we come in! We make sure that they don’t have that opportunity.

Here at Hodgson Consulting & Solutions, we specialize in data security and information loss prevention for companies with multiple locations and/or a remote workforce. We offer full solutions for your IT needs, not just Band-Aid fixes. Contact us to receive a FREE Cyber Security Risk Assessment and to learn more about our Managed Security Service Plans. Contact our office today at 847-906-5005.
