Microsoft Domain Controller “ZeroLogon” and RCE Vulnerabilities

By Fortra's Digital Defense

Microsoft Domain Controller “ZeroLogon” Vulnerability

A recent disclosure by Dutch security firm Secura B.V. has highlighted how dangerous a Netlogon vulnerability (CVE-2020-1472) included in the August 2020 Patch Tuesday release can be to a network.  To exploit this vulnerability, an attacker with an established foothold in an internal network could exploit the weak cryptographic algorithm used by Netlogon authentication to impersonate any computer on the network, including the Domain Controller itself, disable security features, and change a computer’s password on the Domain Controller.  It is expected this vulnerability will be utilized by threat actors, especially ransomware groups, now that a simplified way to pivot from a client side attack to a full domain compromise is feasible.  Please ensure that your systems are patched with Microsoft’s August 2020 release to mitigate.

Frontline.Cloud currently has an authenticated check 138007 MS20-AUG: Microsoft Windows Security Update, a High rated severity added August, 14th, 2020. 

Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability

A RCE flaw was disclosed with the 8 September Patch Tuesday release, designated as CVE-2020-16875.  An unpatched Exchange Server with version 2016 and 2019 may be exploited with System level privileges if an attacker were to send a specially crafted email that takes advantage of incorrect cmdlet parameter validation.  The exploit requires the user to be authenticated to the Exchange Server with an unspecified role.  No additional mitigations have been provided by Microsoft.  Please patch as soon as possible to mitigate this vulnerability.

Frontline.Cloud includes an authenticated check 138222 MS20-SEP: Microsoft Exchange Server Security Update, a High rated severity with scanner release 3.0.61.0.

Share This