Installing Windows updates carries its own risk, even more so given the recent history of poor quality control that leaves numerous things broken after installation. This time, however, the severity of a newly discovered flaw makes that risk pale in comparison with the risk of having your Windows domain compromised.
Security researchers have released new proof-of-concept code for a Windows flaw that lets an attacker with network access to a domain controller gain administrative privileges with little effort and take full control of Active Directory domain controllers running on Windows Server.
The flaw, dubbed “Zerologon” (CVE-2020-1472), is a critical privilege-escalation vulnerability that Microsoft addressed in its August 2020 security updates. That means that if you have postponed installing those patches, you may have a serious problem on your hands, as four additional proof-of-concept exploits have now been published on GitHub.
When Dutch security firm Secura found an earlier vulnerability in Netlogon, it was catalogued as less severe than Zerologon, because it required a man-in-the-middle position before it became a useful tool for malicious actors. Zerologon, however, lets an attacker forge an authentication credential for the Netlogon Remote Protocol without any such position, which opens the way to setting the Domain Controller's computer account password to a value of their choosing.
The researchers explained that the problem stems from the incorrect use of AES-CFB8 encryption, a mode that requires a randomly generated initialization vector for every message. Windows' Netlogon implementation instead uses a fixed, all-zero IV. Because of that, an attacker can fill specific fields of the authentication exchange with zeros: for one in 256 session keys the encrypted result is itself all zeros, so an attacker who simply retries the handshake a few hundred times will hit a matching key and can take over the domain controller in a matter of seconds, in a process Secura has documented in its technical writeup.
Microsoft’s August 2020 security patch closes this gap and renders the published Zerologon attacks ineffective, and Secura has released a Python script that tells administrators whether their Domain Controller has been patched correctly.
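To make the mechanism in the two paragraphs above concrete, here is an added Python model of the CFB8 credential computation and of the attacker's retry loop that Secura's tester also relies on. It is written for this page and is not Secura's script, Microsoft's code or any of the published exploits. Assumptions: AES-128 is replaced by an HMAC-SHA256-based toy block function so the example runs with the standard library alone (the all-zero-ciphertext property comes from the CFB8 mode, not from AES), the session key derivation drops the MD4 step of the real protocol, and the machine-account secret is a constructed sample value.

```python
import hashlib
import hmac
import random

BLOCK_SIZE = 16            # AES block size; the toy block function below mirrors it
ZERO_IV = bytes(BLOCK_SIZE)
ZERO_CHALLENGE = bytes(8)  # Netlogon challenges and credentials are 8 bytes


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 (assumption, so the example needs no crypto library):
    a keyed PRF producing one 16-byte block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_SIZE]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: each ciphertext byte is the plaintext byte XOR the first byte of
    E(key, shift_register); the register then shifts that ciphertext byte in."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = toy_block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(challenge: bytes, session_key: bytes) -> bytes:
    """Models the Netlogon AES credential: CFB8 with a fixed all-zero IV.
    The fixed IV is the bug the article describes."""
    return cfb8_encrypt(session_key, ZERO_IV, challenge)


def derive_session_key(machine_secret: bytes, client_challenge: bytes,
                       server_challenge: bytes) -> bytes:
    """Session key bound to both challenges (the real protocol hashes the
    machine password with MD4 first; that step is omitted here, assumption)."""
    return hmac.new(machine_secret, client_challenge + server_challenge,
                    hashlib.sha256).digest()[:BLOCK_SIZE]


def zero_credential_possible(session_key: bytes) -> bool:
    """With an all-zero IV and all-zero plaintext the register never changes
    once the first keystream byte is zero, so the whole credential is zero.
    One key in 256 has this property."""
    return toy_block_encrypt(session_key, ZERO_IV)[0] == 0


def find_key_with_first_byte(target: int, start: int = 0) -> bytes:
    """Scan 16-byte counter keys until E(key, 0)[0] == target, to demonstrate
    both the weak and the non-weak case deterministically."""
    n = start
    while True:
        key = n.to_bytes(BLOCK_SIZE, "big")
        if toy_block_encrypt(key, ZERO_IV)[0] == target:
            return key
        n += 1


def zerologon_attack(machine_secret: bytes, max_attempts: int = 2000,
                     seed: int = 0):
    """Simulated DC side of the authentication step: the attacker always sends
    an all-zero client challenge and an all-zero credential, while the DC draws
    a fresh random server challenge per attempt. Returns the attempt on which
    the zero credential is accepted, or None. The same loop, run against a
    real DC, is how a tester decides whether the DC is still vulnerable."""
    rng = random.Random(seed)  # seeded so a run is reproducible
    for attempt in range(1, max_attempts + 1):
        server_challenge = bytes(rng.randrange(256) for _ in range(8))
        session_key = derive_session_key(machine_secret, ZERO_CHALLENGE,
                                         server_challenge)
        expected = compute_netlogon_credential(ZERO_CHALLENGE, session_key)
        if expected == ZERO_CHALLENGE:  # the attacker's all-zero credential matches
            return attempt
    return None


if __name__ == "__main__":
    secret = b"constructed-dc-machine-account-secret"  # constructed sample input
    weak = find_key_with_first_byte(0)
    print("credential under a weak key:",
          compute_netlogon_credential(ZERO_CHALLENGE, weak).hex())
    print("zero credential accepted on attempt:", zerologon_attack(secret))
```

Each iteration of `zerologon_attack` corresponds to one NetrServerReqChallenge/NetrServerAuthenticate3 round in the real protocol; once an attempt is accepted, the attacker holds an authenticated Netlogon session without knowing the machine password and can proceed to the password-set call the article mentions. Because the success probability per attempt is 1/256, the expected number of attempts is 256, and 2000 attempts fail with probability below 0.1 percent, which is why a retry loop of that size is a reliable vulnerability check.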