A critical vulnerability affecting Microsoft Windows Servers configured as Domain Controllers has been seen in the wild for the first time this week, according to Microsoft.
The vulnerability, known as CVE-2020-1472 or “Zerologon” as it's being called, allows an attacker to gain control over an Active Directory Domain Controller within seconds of running the exploit. The vulnerability has a CVSS 3.0 score of 10.0, the highest risk possible, and Microsoft has urged all system administrators to patch all Domain Controllers immediately to avoid catastrophic attacks.
Microsoft released a security update to patch the vulnerability in August 2020, but countless servers have not been patched, leading to potentially widespread use of the exploit against any internet-connected Domain Controllers.
This is the latest example of how critical vulnerability management and security monitoring are as part of your daily security routine. Patching should be second nature to most system admins at this point, and Windows Servers should be updated monthly to avoid devastating attacks such as Zerologon.
Read more about the Zerologon exploit at Ars Technica.