One of this year’s most severe Windows bugs is now under active exploit

0
38
One of this year’s most severe Windows bugs is now under active exploit

One of this year’s most severe Windows bugs is now under active exploit

One of this year’s most severe Windows bugs is now under active exploit

(credit: Pixabay)

One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now.

CVE-2020-1472, as the vulnerability is tracked, allows hackers to instantly take control of the Active Directory, a Windows server resource that acts as an all-powerful gatekeeper for all machines connected to a network. Researchers have dubbed the vulnerability Zerologon, because it allows attackers with only minimal access to a vulnerable network to login to the Active Directory by sending a string of zeros in messages that use the Netlogon protocol.

Zerologon carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Despite the high rating, the escalation-of-privileges vulnerability received scant, if any, attention when Microsoft patched it in August, and Microsoft deemed the chances of actual exploitation “less likely.”

Read 9 remaining paragraphs | Comments

Source : https://arstechnica.com/?p=1709429