Windows had one of the worst vulnerabilities patched this year, but those who have not yet updated remain at risk of exploitation by malicious hackers. Microsoft has warned those lagging behind to update now.
CVE-2020-1472 is the identifier given to the vulnerability. It allows hackers to gain access to Active Directory, the Windows Server component that acts as gatekeeper for the machines connected to a network.
The vulnerability is also known as Zerologon because malicious hackers can break into a vulnerable network with minimal effort: they send a string of zeroes in messages that use the Netlogon protocol.
Attacks in the wild
Zerologon carries a critical severity rating from Microsoft and the maximum score of 10 on the Common Vulnerability Scoring System (CVSS). Even with this rating, Microsoft said in August that actual exploitation was ‘less likely.’
Last week, the cybersecurity world paid attention when proof-of-concept exploits showed in detail just how severe the threat is and how easy it is to exploit.
On Wednesday, Microsoft said in a series of tweets that Zerologon was being actively exploited as attackers incorporated it into their campaigns. The software giant provided several digital signatures of files used in the attacks but gave no further details.
The modus operandi is simple
The severity of this vulnerability makes ransomware attacks far more effective. Controlling the central provisioning directory lets malicious hackers infect many machines in mere minutes.
State-sponsored hackers, hacker collectives, and lone wolves start by compromising a computer with low-level privileges in a network, typically by tricking employees into clicking on malicious files. From there they work their way up to higher privilege levels and, with this vulnerability, take control with ease.
The risk is high, and updates will help those exposed.