"Are Your Domain Controllers Safe From Zerologon Attacks?"
Several proof-of-concept (POC) exploits were released for "Zerologon," a critical elevation of privilege vulnerability found in Microsoft's Netlogon Remote Protocol. The vulnerability, discovered by Secura researchers, impacts all supported Windows Server versions, but it poses the most danger to servers functioning as Active Directory domain controllers. This vulnerability derives from a flaw in a cryptographic authentication scheme used by the protocol. According to the researchers, an attacker on the local network can use the flaw to completely compromise the Windows domain. This article continues to discuss the privilege flaw found in Microsoft's Netlogon: its origin, its potential exploitation by attackers, and its remediation.
Help Net Security reports "Are Your Domain Controllers Safe From Zerologon Attacks?"