ZEROLOGON Vulnerability

ZeroLogon is a vulnerability which exists within the Netlogon protocol.
What is Netlogon?
The Netlogon service is an authentication mechanism used in the Windows Client Authentication Architecture. It verifies logon requests, and it registers, authenticates, and locates Domain Controllers.
For more info visit
This vulnerability is exploitable due to a flaw in the implementation of AES-CFB8 encryption (which is used for Netlogon protocol encryption).
Sending a string of zeros to the Netlogon service triggers the vulnerability. By doing so, the attacker can escalate privileges and gain admin privileges.
This can provide the attacker with:
- Access to the entire domain
- Further exploitation
- Network disruption
- Data exfiltration
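Why a string of zeros gets through the AES-CFB8 flaw described above, as an added example that is not from the original post or from Secura's tester script: CFB8 run with a fixed all-zero IV (the Netlogon flaw as documented in Secura's whitepaper) turns all-zero input into all-zero output for roughly 1 key in 256, while a random IV removes that property. `block_encrypt` is a hash-based stand-in for AES (an assumption, so the code runs with the standard library only); the keys, the 8-byte input length and all function names are constructed for the example.

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): CFB8 only needs a keyed forward function."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: encrypt the 16-byte register, XOR its first output byte with one
    plaintext byte, then shift the ciphertext byte into the register."""
    reg = iv
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, reg)[0]
        out.append(c)
        reg = reg[1:] + bytes([c])
    return bytes(out)


def fixed_zero_iv(key: bytes) -> bytes:
    return bytes(BLOCK)       # weak setting: IV is always 16 zero bytes


def random_iv(key: bytes) -> bytes:
    return os.urandom(BLOCK)  # corrected setting: fresh IV per encryption


def count_all_zero_outputs(num_keys: int, iv_for_key) -> int:
    """Count constructed keys for which all-zero input encrypts to all zeros."""
    zeros = bytes(8)
    hits = 0
    for i in range(num_keys):
        key = i.to_bytes(16, "big")  # constructed sample keys
        if cfb8_encrypt(key, iv_for_key(key), zeros) == zeros:
            hits += 1
    return hits


if __name__ == "__main__":
    n = 4096
    print("fixed zero IV :", count_all_zero_outputs(n, fixed_zero_iv), "of", n)
    print("random IV     :", count_all_zero_outputs(n, random_iv), "of", n)
```

With the zero IV the register never changes once the first keystream byte is zero, so the whole output stays zero regardless of the key's other properties.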
In August 2020 Microsoft released a security update for this vulnerability, which you can find here
You can use the ZeroLogon Tester Script to test your network for this vulnerability.
You can find the script here: https://github.com/SecuraBV/CVE-2020-1472
Secura has also released a whitepaper, which you can find here
Hope this post was informative.
Until the next post, stay tuned.