Microsoft has observed attacks exploiting the serious security flaw dubbed “Zerologon”, the company’s security intelligence team reported in a tweet yesterday.
The vulnerability, officially called CVE-2020-1472 Netlogon EoP, can allow cyber attackers to gain access to an unpatched Windows domain controller, leading to control over an organisation's internal network. A critical threat, it can be exploited without user interaction.
Underscoring the significance of the risk, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week instructing US federal agencies to apply a patch – issued by Microsoft in August – to all Windows Servers by 21 September.
Microsoft’s tweet said: “Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.”