Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2020-09-15) ZeroLogon Attack/Vulnerability Information

Posted by Jorge on 2020-09-15


This is about a serious attack on AD, which is currently possible when not patched and configured correctly. A lot of information, and tooling, is on the internet available since a month or so about the ZeroLogin vulnerability and attack.

THIS A SERIOUS ONE! ACT NOW IF YOU HAVE NOT ALREADY!

Please use for your own environment or for any customer you work for or know about. This requires immediate attention for ANY AD domain/forest that you manage, as just patching is not enough.

In addition to patching, forcing secure RPC is ALSO required to prevent unsecure anonymous requests in any way. Not forcing secure RPC means that anyone on the network can easily take over the AD domain and become an full blown admin.

It is possible to check through event IDs who is currently using unsecure RPC. Those systems need to be patched ASAP.

For more detailed info, please see below.

ZeroLogon Attack/Vulnerability Information

Required Actions

  • Read and understand the information above
  • Test and evaluate
  • Install patches
  • Force the use of Secure RPC NOW, do not wait until Feb 21st where it will be enabled by default!

Cheers,

Jorge

————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-
########################### Jorge’s Quest For Knowledge ##########################
####################
http://JorgeQuestForKnowledge.wordpress.com/ ###################
————————————————————————————————————————————————————-

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: