19 C
Jaipur
Tuesday, October 27, 2020

Microsoft warns that hackers are exploiting a severe Windows security flaw – BGR

Must read

Samsung Galaxy S21 May Ditch Bundled Earphones And Charger Like Apple

A few weeks ago, Apple made headlines after announcing that the iPhone 12 won’t ship with a charger or a pair of earphones. And now it...

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

  • Homeland Security issued a rare warning about a Windows Server vulnerability that would give attackers complete control of every computer on a network.
  • The CISA warning said at the time that it assumes active exploitation is occurring in the wild, advising everyone to apply the August patch that Microsoft release.
  • Microsoft on Thursday noted that it has already observed attacks that incorporate the new Windows flaw.

Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency alert last week, over what appears to be one of the worst Windows flaws in recent history. Security researchers have identified a vulnerability so severe that it received a maximum severity score (10.0), prompting the agency to advise all governmental agencies to update their computers using Microsoft’s first patch for the issue that was launched a few weeks ago. The issue is so severe that a second update will be released early next year to further deal with the matter.

When CISA released the warning, it advised everyone to “go get patching,” including governmental agencies, state and local governments, private companies, and the general public. It also said at the time that it assumed that “active exploitation of this vulnerability is occurring in the wild.” Microsoft has since confirmed those assumptions, indicating that it found evidence of hackers taking advantage of the Zerologon vulnerability.

Zerologon is very dangerous because it allows malicious individuals to take over computers on a network without stealing any credentials beforehand. The attack involves forging an authentication token for a Netlogon functionality, which then opens doors to everything.

A flaw in a cryptographic authentication scheme makes it all possible. After access is granted to the network, the attackers could infect computers with additional malware and extract data from those computers.

Microsoft tweeted an updated on the matter on Thursday, saying that it is “is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon.” The company said that it observed “attacks where public exploits have been incorporated into attacker playbooks,” without detailing any security incidents.

Despite the warning from CISA, not everyone may have patched their network, which explains why some hackers might already be exploiting the attack. The flaw affects most supported versions of Windows Server, KrebsOnSecurity explains. That includes Server 2008 through Server 2019.

Most Windows users would not even have to deal with the patch themselves. Still, they could be directly impacted if the governmental agency or company they worked at is targeted via a Zerologon attack before admins patch the network.

Microsoft might not be the only company to have observed malicious activity involving the new exploit. Tenable research engineering manager Scott Caveza said that samples of .NET executables called “SharpZeroLogon.exe” had been uploaded to VirusTotal, a Google service that scans suspicious files against antivirus programs.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he’s not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that’s not necessarily a bad thing.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Samsung Galaxy S21 May Ditch Bundled Earphones And Charger Like Apple

A few weeks ago, Apple made headlines after announcing that the iPhone 12 won’t ship with a charger or a pair of earphones. And now it...

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

waymo: Waymo, Daimler partner to make self-driving trucks – Latest News

Alphabet Inc's autonomous driving technology development unit, Waymo, and a division of Germany's luxury carmaker Daimler AG have teamed up to make heavy-duty, self-driving...