Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Homeland Security Issues Emergency Patch Directive

September 22, 2020

Ars Technica reported that Federal agencies have until midnight September 22, 2020 to patch a critical Windows vulnerability. The vulnerability is called Zerologon and allows an attacker to gain unauthorized control of Active Directory. Microsoft released a patch last month that addresses the vulnerability. It was originally thought that the vulnerability could only be exploited when the attacker was inside the network. Since then, security researchers have learned that Zerologon (CVE-2020-1472) can be externally exploited over the internet via SMB. Why anyone would expose Active Directory over the internet is beyond me, but apparently there are a lot of exposed machines available.

To quote Ars Technica, "Queries using the Binary Edge search service show that almost 30,000 domain controllers are viewable and another 1.3 million servers have RPC exposed. In the event either of these settings apply to a single server, it may be vulnerable to remote attacks that send specially crafted packets that give full access to the active directory." Sorry…but that is just crazy. It's bad enough that computers aren't patched over a month after a fix is released, but intentionally exposing services to the internet without protection is a formula for disaster. No wonder data breaches and ransomware attacks are on the rise.
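Since the post's point is that the fix exists but is not being applied, here is an added defensive check for administrators who have installed the August 2020 Netlogon update; it is my own example, not code from the post or from Sensei Enterprises. The patched Netlogon service writes System-log events 5827 through 5831 (Microsoft's documented IDs) whenever a client still uses the vulnerable secure-channel handshake, so querying them on a domain controller shows both that the patch is in place and which machines would break once enforcement is turned on. The `$DaysBack` window is an assumption.

```powershell
# Run on each domain controller after the August 2020 Netlogon update.
# Event IDs and the NETLOGON provider name are Microsoft's documented values;
# the reporting window ($DaysBack) is an assumption for this example.
param(
    [int]$DaysBack = 7
)

$start = (Get-Date).AddDays(-$DaysBack)

# What each ID means, per Microsoft's Zerologon deployment guidance.
$meaning = @{
    5827 = 'DENIED  - machine account used a vulnerable Netlogon channel'
    5828 = 'DENIED  - trust account used a vulnerable Netlogon channel'
    5829 = 'ALLOWED - vulnerable channel permitted (initial deployment phase)'
    5830 = 'ALLOWED - vulnerable channel permitted by group policy exception'
    5831 = 'ALLOWED - vulnerable trust channel permitted by group policy exception'
}

try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 5827, 5828, 5829, 5830, 5831
        StartTime    = $start
    } -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches. An unpatched DC never
    # emits these IDs at all, so silence here is not the same as "all clear".
    Write-Warning "No Netlogon events 5827-5831 since $start. Confirm the update is installed before treating this as good news."
    return
}

# Counts per event ID: 5827/5828 mean the DC is already refusing vulnerable
# channels; 5829-5831 mean a client is still being allowed through.
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        Id      = [int]$_.Name
        Count   = $_.Count
        Meaning = $meaning[[int]$_.Name]
    }
} | Format-Table -AutoSize

# The allowed events name the source machine; those are the ones to patch or
# replace before enforcement mode removes the 5829 allowance.
$events | Where-Object { $_.Id -in 5829, 5830, 5831 } |
    Select-Object TimeCreated, Id, Message -First 20 |
    Format-List
```

Run it in an elevated PowerShell session on the domain controller itself, or point `Get-WinEvent` at a DC with `-ComputerName` if you collect from a management host.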

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com