Zerologon

Zerologon (formally: CVE-2020-1472) is a critical vulnerability in Microsoft's authentication protocol Netlogon, as implemented in some versions of Microsoft Windows and Samba.^[1]

Severity

Zerologon has a score of 10 under the Common Vulnerability Scoring System.^[2][3] It allows attackers to access all valid usernames and passwords in each Microsoft network that they breached.^[4][5] This in turn allows them to access additional credentials necessary to assume the privileges of any legitimate user of the network, which in turn can let them compromise Microsoft 365 email accounts.^[4][5]

Unusually, Zerologon was the subject of an emergency directive from the United States Cybersecurity and Infrastructure Security Agency.^[6]

In 2020, Zerologon started to be used in global attacks against the automotive, engineering and pharmaceutical industry.^[7] Zerologon was also used to hack the Municipal wireless network of Austin, Texas.^[4]

See also

• 2020 United States federal government data breach

References

1. "This Week In Security: Too Little Too Late, And Other Stories". Hackaday. 2020-10-23. Retrieved 2021-01-13.
2. "What is Zerologon?". Trend Micro. 2020-09-18. Retrieved 2021-01-13.
3. "New Windows exploit lets you instantly become admin. Have you patched?". Ars Technica. 2020-09-14. Retrieved 2021-01-13.
4. Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". The Intercept. Archived from the original on December 17, 2020. Retrieved December 18, 2020.
5. "CISA orders agencies to quickly patch critical Netlogon bug". CyberScoop. September 21, 2020. Archived from the original on October 30, 2020. Retrieved December 18, 2020.
6. "Microsoft: Attackers Exploiting 'ZeroLogon' Windows Flaw". Krebs on Security. 24 September 2020. Retrieved 2021-01-13.
7. Osborne, Charlie (2020-11-18). "Hacking group exploits ZeroLogon in automotive, industrial attack wave". ZDNet. Retrieved 2021-01-13.