
ZEROLOGON Vulnerability




ZeroLogon is a vulnerability that exists within the Netlogon protocol.


What is Netlogon?


The Netlogon service is an authentication mechanism used in the Windows Client Authentication Architecture. It verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

For more info visit


This vulnerability is exploitable due to a flaw in the implementation of AES-CFB8 encryption, which is used for Netlogon protocol encryption.


Sending a string of zeros to the Netlogon service triggers the vulnerability. By doing so, the attacker can escalate privileges and gain admin privileges.

This can provide the attacker with:

- Access to the entire domain

- Further exploitation

- Network disruption

- Data exfiltration
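The AES-CFB8 flaw mentioned above comes from using a fixed all-zero IV: for roughly 1 in 256 keys, an all-zero input then encrypts to an all-zero output. The sketch below is an added example, not code from this post or from Secura; it implements CFB8 mode over a stand-in keyed function (truncated HMAC-SHA256 instead of AES, an assumption made so it runs with the standard library only) and compares the fixed zero IV with a fresh random IV.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, as with AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES-128 (assumption). CFB only uses the forward
    # direction of the cipher, so any keyed 16-byte function shows the mode's behaviour.
    return hmac.digest(key, block, "sha256")[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    register, out = iv, bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, register)[0]  # keystream byte = first output byte
        out.append(c)
        register = register[1:] + bytes([c])     # shift the ciphertext byte in
    return bytes(out)


def is_weak_key(key: bytes) -> bool:
    # With a zero IV and zero input, everything hinges on this single byte:
    # if it is 0, the register never changes and every output byte is 0.
    return block_encrypt(key, bytes(BLOCK))[0] == 0


def zero_ciphertext_rate(trials: int, fixed_zero_iv: bool) -> float:
    zeros8 = bytes(8)  # 8 zero bytes in, checked against 8 zero bytes out
    hits = 0
    for i in range(trials):
        # Constructed session keys, one per simulated attempt.
        key = hashlib.sha256(b"constructed" + i.to_bytes(4, "big")).digest()[:16]
        iv = bytes(BLOCK) if fixed_zero_iv else os.urandom(BLOCK)
        hits += cfb8_encrypt(key, iv, zeros8) == zeros8
    return hits / trials


if __name__ == "__main__":
    print("fixed zero IV:", zero_ciphertext_rate(20000, True))   # close to 1/256
    print("random IV:    ", zero_ciphertext_rate(20000, False))  # effectively 0
```

With a random IV the shortcut disappears, because the register no longer starts out equal to the value that the zero ciphertext bytes shift into it.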


In August 2020, Microsoft provided a security update for this vulnerability, which you can find here


You can use the ZeroLogon Tester Script to test your network for this vulnerability.

You can find the script here: https://github.com/SecuraBV/CVE-2020-1472


Secura has also released a whitepaper which you can find here


Hope this post was informational.

Until the next post, stay tuned.
