Microsoft Warns of Active Exploitation of the “Zerologon” Bug in Windows Server
Microsoft Warns of Active Exploitation of the “Zerologon” Bug in Windows Server Over the last two weeks, Microsoft has warned that the security vulnerability in Windows Server operating systems called “Zerologon” has been actively exploited. What Is Zerologon? The security vulnerability dubbed as Zerologon was first discovered by Tom Tervoort, Senior Security Specialist at Secura. This vulnerability designated as CVE-2020-1472 is a vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory – referring to Microsoft’s proprietary directory service that allows IT administrators to authenticate computers within a network. The vulnerability in Netlogon Remote Protocol allows an unauthenticated attacker with existing network access to a Windows Server operating system with the Active Directory domain controller role to completely compromise all Active Directory identity services. In…