Blog | G5 Cyber Security

Microsoft now forces secure RPC to block Windows Zerologon attacks

Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month’s Patch Tuesday security updates. Zerologon is a critical Netlogon Windows Server process security flaw (tracked as CVE-2020-1472) that allows attackers to elevate privileges to domain administrators and take control over the domain following successful exploitation. The only exception applies to DCs manually added by admins to a dedicated security group which allows vulnerable NetLogon secure channel connections.

Source: https://www.bleepingcomputer.com/news/security/microsoft-now-forces-secure-rpc-to-block-windows-zerologon-attacks/

Exit mobile version