Microsoft to Launch Enforcement Mode for Zerologon Flaw

Published: 23/11/2024   Category: security




Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.



Microsoft has warned IT security admins that starting with its Feb. 9, 2021, security update, it will enable Domain Controller (DC) enforcement mode by default as a means of addressing a Critical remote code execution vulnerability affecting the Netlogon protocol.
This move will block vulnerable connections from noncompliant devices, according to a Microsoft Security and Response Center blog post. DC enforcement mode requires both Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with a Netlogon secure channel, unless a business has allowed an account to be exposed by adding an exception for a noncompliant device. 
CVE-2020-1472 is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could enable an unauthenticated attacker to use MS-NRPC to connect to a domain controller and gain full admin access.
Since it was fixed in August, the Zerologon bug has been seen in active campaigns from Iranian threat group Mercury. The DHS's Cybersecurity and Infrastructure Security Agency (CISA) later issued an emergency directive for the flaw, requiring federal agencies to patch immediately.
Microsoft advises businesses to update Domain Controllers with the security update released Aug. 11, 2020, monitor event logs to find devices making vulnerable connections, address any noncompliant devices making vulnerable connections, and enable DC enforcement mode. 
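
The event-log monitoring step above can be scripted. The following is an added example, not code from Microsoft or the original article: it triages a CSV export of the Netlogon System-log events (IDs 5827 to 5831) that patched domain controllers record. The column names, the `SamAccountName:` message field, and all hosts and accounts are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Netlogon event IDs written to the System log by domain controllers that
# carry the Aug. 11, 2020 update for CVE-2020-1472.
NETLOGON_EVENTS = {
    5827: "denied: machine account",
    5828: "denied: trust account",
    5829: "allowed: vulnerable connection, denied once enforcement is on",
    5830: "allowed by exception: machine account",
    5831: "allowed by exception: trust account",
}

# Assumption: the message carries the account as "SamAccountName: <name>".
ACCOUNT_RE = re.compile(r"SamAccountName:\s*(\S+)")

# Constructed sample export (hypothetical hosts, not real log data).
SAMPLE_CSV = """Id,MachineName,Message
5829,dc01.example.test,Machine SamAccountName: NAS01$ Domain: EXAMPLE
5829,dc02.example.test,Machine SamAccountName: NAS01$ Domain: EXAMPLE
5830,dc01.example.test,Machine SamAccountName: PRINTSRV$ Domain: EXAMPLE
5827,dc01.example.test,Machine SamAccountName: OLDAPP$ Domain: EXAMPLE
7036,dc01.example.test,The Netlogon service entered the running state.
5829,dc02.example.test,message truncated by export
"""

def triage(csv_text):
    """Map each account to the set of Netlogon event IDs logged for it."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        event_id = int(row["Id"])
        if event_id not in NETLOGON_EVENTS:
            continue  # unrelated System-log event
        match = ACCOUNT_RE.search(row["Message"])
        seen[match.group(1) if match else "<unparsed>"].add(event_id)
    return dict(seen)

def blocked_by_enforcement(report):
    """Accounts still making vulnerable connections (event 5829)."""
    return sorted(a for a, ids in report.items() if 5829 in ids)

def policy_exceptions(report):
    """Accounts allowed only through an explicit exception (5830/5831)."""
    return sorted(a for a, ids in report.items() if ids & {5830, 5831})

if __name__ == "__main__":
    print(blocked_by_enforcement(triage(SAMPLE_CSV)))
```

Accounts returned by `blocked_by_enforcement` are the noncompliant devices to address before enforcement mode is enabled; rows whose message cannot be parsed are grouped under `<unparsed>` so they are not silently dropped.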
Read the full MSRC blog post for more details.
