Microsoft warns of attacks against Netlogon
Microsoft warns of attacks against Netlogon

Microsoft warned Windows 10 customers that it received a small number of attacks against the patch protocol (Netlogon) in August.

After a warning in September that attackers had exploited a vulnerability (CVE-2020-1472) affecting the Netlogon protocol, the software giant issued a new warning.

Netlogon is a process (Windows Server) used to authenticate users and other services in the domain.

Since this is a service and not an application, (Netlogon) will always run in the background unless it is manually closed or closed due to a runtime error.

The vulnerability is severe enough that CISA requires US government agencies to implement Microsoft bug fixes within three days of the August update.

Security researchers have concluded that the vulnerability is easy to exploit, making it a prime target for opportunistic attackers.

Attackers can use this vulnerability to run malware on network computers after pretending to be an Active Directory account.

CISA forces US government agencies to make corrections. Given that the domain controller (Active Directory) is spread over the US government network, with a full 10 degree, the severity of this error is very rare.

Microsoft has updated the documentation for this error to provide more clear information.

The company recommends administrators update Active Directory with fixes, monitor logs of devices connected to the server, and enable enforcement mode.

Microsoft fears that a cyber attacker may use the vulnerability to sabotage the US elections.

In September, the company warned that hackers in China, Iran and Russia had targeted Biden and Trump's activities.

Microsoft said: We have contacted the Cybersecurity and Infrastructure Security Agency (CISA), which has issued another warning to remind governments and local authorities, including those who vote in the US elections, to take the necessary steps to pledge to resolve this vulnerability.

Before the company imposed this mode on February 9, 2021, the vulnerability was so severe that the software giant released a registry key that administrators could use to enable Execute Mode.

Previous Post Next Post