U.S. government agencies are supposed to have patched the Zerologon vulnerability by now, about six weeks after Microsoft issued a patch.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive on Friday asking agencies to apply the patch no later than midnight Tuesday. Agencies are required to report their compliance by Wednesday.

“CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” according to CISA’s advisory.

CISA can force government agencies to make fixes. But being more public about problematic vulnerabilities is a way to call them to the attention of private companies that might be using the same products, nudging them to also patch the vulnerabilities as soon as possible.

The agency has recently issued advisories about vulnerabilities in F5’s BIG-IP network products and Pulse Secure VPN servers.

CISA says the factors leading to the latest directive include the availability of exploit code, the wide use of vulnerable domain controllers, the high chance of compromise and the continued presence of unpatched systems.

If the domain controllers can’t be updated, CISA says those devices should be removed from networks.

The Zerologon vulnerability, CVE-2020-1472, exists in the Microsoft Windows Netlogon Remote Protocol, or MS-NRPC, an authentication component of Active Directory that organizations use to manage user accounts, including authentication and access.

Security firm Trend Micro says a Zerologon attack can be executed in approximately three seconds, so it could be very dangerous. An attacker could use the exploit to impersonate the identity of any computer that is authenticating against the domain controller.

“From there, a variety of other attacks, including but not limited to disabling security features, changing passwords and essentially taking over the domain are possible,” the firm warns.

One piece of good news is that the vulnerability can’t be remotely exploited. But if an attacker already has network access, they could use Zerologon to quickly traverse the network.

Microsoft issued a Zerologon patch on Aug. 11, but it only provides a partial fix. The update enables domain controllers to protect devices, but a more robust fix from Microsoft will still be required, according to Dustin Childs of the Zero Day Initiative, which is part of Trend Micro.

“A second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug,” Childs says in a Trend Micro blog post.

Microsoft has outlined steps administrators should take as well as the implications of its plan to enforce Netlogon’s secure channel connections.

Also, the Samba Team has released a patch for its suite of file and print services for Windows and Linux. Samba also uses the Netlogon protocol. But the default behavior for Samba since version 4.8, which was released in March 2018, has been to use a secure Netlogon channel, according to its advisory.
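For administrators checking the Samba default described above, the following added example (not part of the original article or of Samba's own tooling) audits a configuration for the `server schannel` setting. The smb.conf parameter name and its accepted values are Samba's, not this article's; the function names and the sample configuration are hypothetical, and treating any value other than yes/true/1 as not enforcing is a deliberately conservative assumption.

```python
# Added example: audit Samba's "server schannel" setting against the
# "secure Netlogon channel by default since 4.8" behaviour.

# Constructed sample smb.conf for illustration; not taken from a real host.
SAMPLE_SMB_CONF = """\
# constructed example
[global]
    workgroup = EXAMPLE
    Server  Schannel = Auto
; a comment
[share]
    path = /srv/share
"""

YES_VALUES = {"yes", "true", "1"}  # conservative: anything else is flagged


def global_params(conf_text):
    """Return {normalized_name: value} for parameters in [global]."""
    # Assumption: parameters before any section header count as global.
    params, section, pending = {}, "global", ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            params["".join(name.split()).lower()] = value.strip()
    return params


def schannel_status(conf_text, samba_version):
    """Return (enforced, reason); samba_version is a (major, minor) tuple."""
    value = global_params(conf_text).get("serverschannel")
    if value is None:
        if samba_version >= (4, 8):
            return True, "unset; default enforces the secure channel"
        return False, "unset on a pre-4.8 build; set 'server schannel = yes'"
    if value.lower() in YES_VALUES:
        return True, "explicitly enforced"
    return False, f"'server schannel = {value}' does not enforce it"


if __name__ == "__main__":
    print(schannel_status(SAMPLE_SMB_CONF, (4, 12)))
```
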

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.


World news – US – CISA Pushes Government Agencies to Patch ‘Zerologon’ Flaw
