Lately I have seen ZeroLogon mentioned on many websites and news feeds, so I am updating this post to cover the ZeroLogon vulnerability as well.
What is ZeroLogon Vulnerability?
For those who are not yet familiar with it, ZeroLogon is a catastrophic vulnerability in the Netlogon authentication process, which is the path the attacker uses to exploit it. The vulnerability has been registered as CVE-2020-1472.
As mentioned in several reports, the vulnerability is rated 10/10 on the CVSSv3 severity scale.
An attacker can exploit the vulnerability by manipulating the Netlogon authentication procedure in the following ways:
- An attacker can impersonate any computer identity within the target network when authenticating to the target's domain controller.
- An attacker gains the ability to disable all the security features of the Netlogon authentication process on the target's machine.
- In the worst case, the attacker can change the affected machine's password stored in the domain controller's Active Directory, which means they have effectively joined the domain and gained access to the database of all computers and passwords.
Per the report, the bug is truly worthy of its 10/10 CVSSv3 severity score. What is scariest is that the attack takes only approximately three seconds to execute.
Microsoft has had difficulty releasing a patch for this vulnerability; the average Mean Time to Patch (MTTP) is normally around 60 to 150 days. Security researchers found the vulnerability and published it in early August.
As a result, a Microsoft patch for the vulnerability is expected between October 2020 and January 2021.
What to do next?
Microsoft released a workaround, or temporary fix, to users in the August patch, but there may be cases where an attacker finds a way to bypass it.
Microsoft also anticipates that the patch may end up breaking authentication on some devices.
For the time being, Secura has released a Python script that lets system administrators check whether the patch has properly secured the operating system.
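Besides checking the patch itself, a domain administrator can watch the Netlogon events that the August 2020 update started writing to the System log on domain controllers (Event IDs 5827 to 5831, provider NETLOGON), which show which machine or trust accounts are still using the vulnerable secure channel. The script below is an added example, not part of the original post or of Secura's tooling; it assumes events have been exported into simple records with `Provider`, `EventID` and `Account` fields (a constructed format, not a Windows API), and the sample events are made up.

```python
"""Triage Netlogon secure-channel events (IDs 5827-5831) exported from a domain
controller's System log after the CVE-2020-1472 (ZeroLogon) update."""
from collections import defaultdict

# Event IDs and their meanings as documented by Microsoft for the update.
NETLOGON_EVENTS = {
    5827: ("denied", "machine account"),
    5828: ("denied", "trust account"),
    5829: ("allowed_vulnerable", "machine account"),  # only logged before enforcement
    5830: ("allowed_by_policy", "machine account"),
    5831: ("allowed_by_policy", "trust account"),
}


def triage(events):
    """Group NETLOGON events by outcome -> {"ACCOUNT (kind)": count}.
    `events` is an iterable of dicts with 'Provider', 'EventID', 'Account'
    (assumed export format, not a real Windows API)."""
    summary = {outcome: defaultdict(int) for outcome, _ in NETLOGON_EVENTS.values()}
    for ev in events:
        if ev.get("Provider") != "NETLOGON":
            continue
        meaning = NETLOGON_EVENTS.get(ev.get("EventID"))
        if meaning is None:
            continue
        outcome, kind = meaning
        summary[outcome][f"{ev['Account']} ({kind})"] += 1
    return {outcome: dict(counts) for outcome, counts in summary.items()}


def accounts_needing_attention(summary):
    """Accounts still allowed over the vulnerable channel: they will break once
    enforcement starts, and an unrecognised account here warrants investigation."""
    return sorted(set(summary["allowed_vulnerable"]) | set(summary["allowed_by_policy"]))


def still_in_initial_deployment_phase(events):
    """5829 is only written while enforcement is off, so its presence proves the DC
    is not enforcing yet. Its absence alone does not prove enforcement is on."""
    return any(ev.get("Provider") == "NETLOGON" and ev.get("EventID") == 5829 for ev in events)


SAMPLE_EVENTS = [  # constructed sample records, not a real export
    {"Provider": "NETLOGON", "EventID": 5829, "Account": "OLD-NAS$"},
    {"Provider": "NETLOGON", "EventID": 5829, "Account": "OLD-NAS$"},
    {"Provider": "NETLOGON", "EventID": 5827, "Account": "WS-042$"},
    {"Provider": "NETLOGON", "EventID": 5830, "Account": "LEGACY-PRN$"},
    {"Provider": "Microsoft-Windows-Kernel-General", "EventID": 12, "Account": ""},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print("needs attention:", accounts_needing_attention(result))
    print("initial deployment phase:", still_in_initial_deployment_phase(SAMPLE_EVENTS))
```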