Sign In

Communications of the ACM

ACM TechNews

Windows Exploit Lets You Instantly Become Admin. Have You Patched?

View as: Print Mobile App Share:
A casually dressed man smiles next to exposed computer components.

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to the Active Directory domain controllers that act as a gatekeeper for all machines connected to a network.

Credit: VGrigas (WMF)

Researchers from security firm Secura have developed and published an exploit for a recently patched Windows flaw that can enable instant access to Active Directory domain controllers.

Zerologon sends a thread of zeros in a series of messages that use the Netlogon protocol, which Windows servers rely on for various tasks, including end-user network log-ins.

Parties with no authentication can use Zerologon to obtain domain administrative credentials, provided they can establish Transmission Control Protocol links with a vulnerable domain controller.

The Secura researchers said Zerologon "basically allows any attacker on the local network (such as a malicious insider or someone who simply plugged in a device to an on-premise network port) to completely compromise the Windows domain."

The flaw is rooted in the Windows implementation of the Advanced Encryption Standard cryptography protocol with cipher feedback to encrypt and validate authentication messages as they travel the internal network.

Microsoft issued a patch in August, and the researchers said they will not release the exploit until they are certain the patch has been widely deployed on vulnerable servers.

From Ars Technica
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account