Microsoft to Launch Enforcement Mode for Zerologon Flaw

  /     /     /  
Publicated : 23/11/2024   Category : security

Microsoft to Launch Enforcement Mode for Zerologon Flaw


Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.


Microsoft has warned IT security admins that starting with its Feb. 9, 2021, security update, it will enable Domain Controller (DC) enforcement mode by default as a means of addressing a Critical remote code execution vulnerability affecting the Netlogon protocol.
This move will block vulnerable connections from noncompliant devices, according to a Microsoft Security and Response Center blog post. DC enforcement mode requires both Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with a Netlogon secure channel, unless a business has allowed an account to be exposed by adding an exception for a noncompliant device. 
CVE-2020-1472 is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could enable an unauthenticated attacker to use MS-NRPC to connect to a domain controller and gain full admin access.
Since it was fixed in August, the Zerologon bug has
been seen in
active campaigns from Iranian threat group Mercury. The DHSs Cybersecurity and Infrastructure Security Agency (CISA)
later issued
an emergency directive for the flaw, requiring federal agencies to patch immediately.
Microsoft advises businesses to update Domain Controllers with the security update released Aug. 11, 2020, monitor event logs to find devices making vulnerable connections, address any noncompliant devices making vulnerable connections, and enable DC enforcement mode. 
Read the full
MSRC blog post
for more details.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Microsoft to Launch Enforcement Mode for Zerologon Flaw