Dark Reading6 Jun 2024
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
CVE-2020-1472 is a privilege escalation flaw that allows an attacker to take over an organization's domain controllers.
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Microsoft ยท Netlogon
Known ransomware use: Known
Follow the source advisory and validate exposure in your environment.
Apply updates per vendor instructions.
Recent reporting that mentions CVE-2020-1472.
CVE-2020-1472 is a privilege escalation flaw that allows an attacker to take over an organization's domain controllers.