Avast blog: Zerologon is a Nasty Windows Server Domain bug: Patch now!

A new vulnerability in Windows domain controllers has been discovered by security researchers at Secura. In a paper published in September, they described the cryptographic flaw they found and called it Zerologon. It takes advantage of the Netlogon Remote Protocol, which is used in the authentication process. All that is needed to exploit this flaw, and compromise a wide variety of Active Directory identity services, is a TCP-level connection to the domain controller itself. Secura published a test tool on GitHub that can tell you whether a domain controller is vulnerable or not. Researchers have already seen evidence of its use in the wild, which is why you want to patch your servers ASAP.

You can read more about this scourge in my Avast blog post.
