CVE-2020-1472 (ZeroLogon)
Vendor and product: Microsoft Netlogon Remote Protocol
This bug, known as ZeroLogon in Microsoft’s Netlogon Remote Protocol, enables an attacker to escalate privileges when they establish a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol. Essentially, attackers can leverage this but to obtain domain administrator access.
Microsoft patched the bug in August 2020, but CISA and other agencies issued a warning in September that the bug was being actively exploited. Since it also made the list of 2021 bugs, it’s safe to assume that it is still being actively exploited on unpatched systems.
Return To Article
