Security researchers and US government authorities have been alerting the public to a critical privilege escalation flaw in Microsoft services, urging admins to address the pressing security issue. A proof-of-concept exploit code has been recently released for a Windows flaw that could allow attackers to obtain administrative privileges within a company’s network. Microsoft addressed the flaw in its 2020 security updates, however, the PoC exploits were released through the platform Github late last week.
The vulnerability has been named Zerologon, and has a CVSS score of 10 out of 10, meaning that it is high-risk and critical in severity. Researchers at Secura formally discovered the flaw, and published technical details of the vulnerability last Friday, stressing that it could basically allow an attacker on the local network to completely overtake and compromise the Windows domain. A threat actor could simply plug the device into an on-premise network port, and quickly have access to troves of sensitive information. The flaw lies in Netlogon Remote Protocol, which is available on Windows domain controllers and used for various tasks relating to authentication.