Site icon CT Link Systems, Inc.

Security Advisory: Zerologon, a level 10 Critical Vulnerability

It was recently discovered that a new Critical vulnerability, named Zerologon, has been found for windows which is so severe that the Common Vulnerability Scoring System (CVSS) has given it a score of 10 out of 10 and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon which is the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The vulnerability in Netlogon allows for attackers to:

The only limitation for the vulnerability is that the attack can only be done if the threat actors already have gotten into your network.

What can I do?

Firstly, it is highly recommended that you update your Microsoft security to avoid this vulnerability. This is the most important step into making sure that your network is not affected by this critical vulnerability. You can find the Microsoft security advisory CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network. As stated above, the limitation of this attack is centered on them getting inside the network, however, once they do, it means that they will be able to take control of your whole network.

Trend Micro Solution

For our Trend Micro customers, Deep Security or Apex One can be used to do virtual patching to help mitigate the attacks to help ensure that your network is safe. Below are the IPS rules that may help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk more in detail about the vulnerability. You can register for the free webinar here.

If you have any questions with regards to either Zerologon or the Trend Micro solution to help prevent the attacks, please just contact us via email (rcruz@www.ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!


Texture vector created by macrovector

Exit mobile version