Researchers from security firm Secura have developed and published an exploit for a recently patched Windows flaw that can enable instant access to Active Directory domain controllers.
Zerologon sends a string of zeros in a series of messages that use the Netlogon protocol, which Windows servers rely on for various tasks, including end-user network log-ins.
Unauthenticated parties can use Zerologon to obtain domain administrative credentials, provided they can establish Transmission Control Protocol (TCP) connections with a vulnerable domain controller.
The Secura researchers said Zerologon "basically allows any attacker on the local network (such as a malicious insider or someone who simply plugged in a device to an on-premise network port) to completely compromise the Windows domain."
The flaw is rooted in the Windows implementation of the Advanced Encryption Standard (AES) cipher in cipher feedback mode, which is used to encrypt and validate authentication messages as they travel the internal network.
Microsoft issued a patch in August, and the researchers said they will not release the exploit until they are certain the patch has been widely deployed on vulnerable servers.
From Ars Technica
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA