Wednesday, January 20, 07:30
Zerologon bug: Allows hackers to invade corporate networks

Last month Microsoft fixed one of the most serious bugs ever reported to the company, an issue that could lead to the takeover of Windows Servers running as domain controllers on corporate networks.

The bug was fixed on the August 2020 Patch Tuesday under the ID CVE-2020-1472. It was described as an "elevation of privilege" in Netlogon (a Windows server process that authenticates users and other services in a domain).

The vulnerability received the maximum severity score of 10, but the details were never made public, meaning users and IT admins did not know how dangerous the problem was.


But in a blog post today, the team at Secura BV (a Dutch security company) published more details about this mysterious bug, along with a technical report describing CVE-2020-1472 in greater depth.

And according to the report, the bug really is worthy of its 10/10 CVSSv3 severity score.

According to Secura experts, the bug, which they named Zerologon, exploits a weak cryptographic algorithm used in the Netlogon authentication process.

This bug allows an attacker to manipulate the Netlogon authentication process and:

  • impersonate any computer on a network when trying to authenticate against the domain controller
  • disable security features in the Netlogon authentication process
  • change a computer's password in the domain controller's Active Directory

The gist, and the reason the bug was named Zerologon, is that the attack is carried out by adding zero characters to certain Netlogon authentication parameters.

The attack is very fast and lasts three seconds at most. In addition, there are no limits to how an intruder can use the Zerologon attack. For example, the attacker could also pose as the domain controller itself and change its password, allowing the attacker to take over the entire corporate network.

There are restrictions on how a Zerologon attack can be used. It cannot be used to take over Windows servers from outside the network. An intruder first needs to already be inside the network.

However, once this condition is met, it is literally game over for the company.

"This attack has a huge impact," Secura said. "It basically allows any attacker on the local network to completely compromise the Windows domain."

In addition, this bug is also a gift for malware and ransomware gangs, which often rely on infecting one computer inside a company's network and then spreading the malware or ransomware to other computers. With Zerologon, this process is greatly simplified.


Teo Ehc