September 2020 Tips - CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

"The Cybersecurity and Infrastructure Security Agency, better known as CISA, issued an alert late on Friday requiring all federal departments and agencies to “immediately” patch any Windows servers vulnerable to the so-called Zerologon attack.

The Zerologon vulnerability, rated the maximum 10.0 in severity, could allow an attacker to take control of any or all computers on a vulnerable network, including domain controllers, the servers that manage a network’s security. The bug was appropriately called “Zerologon,” because an attacker doesn’t need to steal or use any network passwords to gain access to the domain controllers, only gain a foothold on the network."

Microsoft has released a patch and instructions on the 2 phase process they are implementing to address this issue.

In-Synch Systems highly suggests you discuss this vulnerability with your IT department to ensure proper data protection is in place. Please refer to the articles linked within this post for more details on this security issue and Microsoft's recommended solution.