Security Alert: Zerologon Active Directory Exploit!

A seriously disturbing vulnerability has been found in Microsoft Active Directory, and proof-of-concept exploits have been made available, making the likelihood of exploitation extremely high. The vulnerability allows an unauthenticated attacker to take over Active Directory, gaining full domain admin access. Microsoft released a partial patch back in August. The vulnerability, CVE-2020-1472, is one that shouldn’t be ignored, and we urge all Microsoft Active Directory consumers to ensure their estate is patched as soon as possible.

The key notes are as follows:

Affected Systems:

  • Windows Server 2008
  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 2019

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

More detail can be found in the resources below:

Microsoft Release
Rapid7
AttackerKB