New Windows exploit lets you instantly become admin. Have you patched?

Zerologon lets anyone with a network toehold obtain domain-controller password. …

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device.

An “insane” bug with “huge impact”

Such post-compromise exploits have become increasingly valuable to attackers pushing ransomware or espionage spyware. Tricking employees into clicking on malicious links and attachments in email is relatively easy. Using those compromised computers to pivot to more valuable resources can be much harder.

It can sometimes take weeks or months to escalate low-level privileges to those needed to install malware or execute commands. Enter Zerologon, an exploit developed by researchers from security firm Secura. It allows attackers to instantly gain control of the Active Directory. From there, they will have free rein to do just about anything they want, from adding new computers to the network to infecting each one with malware of their choice.

“This attack has a huge impact,” researchers with Secura wrote in a white paper published on Friday. “It basically allows any attacker on the local network (such as a malicious insider or someone who simply plugged in a device to an on-premise network port) to completely compromise the
