Published January 16, 2021
Author: Ash Khan

The Zerologon flaw is one of the critical security issues discussed recently. Microsoft has decided to take the matter into its own hands, as companies have not yet updated their systems to address it.

After careful consideration and investigation, Microsoft has decided that from Feb. 9 it will, by default, block vulnerable connections on devices that could be used to exploit the flaw. Some of Microsoft’s Active Directory domain controllers are prone to the Zerologon flaw.

Domain controllers in Microsoft Active Directory respond to authentication requests and verify users on computer networks.

Successful exploitation of the Zerologon flaw allows unauthenticated attackers with network access to Active Directory domain controllers to completely compromise all Active Directory identity services.

Microsoft’s new initiative is to implement Domain Controller enforcement mode, which “will block vulnerable connections from non-compliant devices.”

Domain Controller enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel, unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.

Secure RPC is an authentication method that authenticates both the host and the user who is making a request for a service.

This new implementation is an attempt to block cybercriminals from gaining network access to domain controllers.

Such unauthorized access could then be used to exploit the Zerologon privilege-escalation flaw (CVE-2020-1472).

The Zerologon flaw, with a critical-severity CVSS score of 10 out of 10, was first addressed in Microsoft’s August 2020 security updates.

Starting Feb. 9, Microsoft said it will enable domain controller “enforcement mode” by default, a measure that would help mitigate the threat.
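Before enforcement mode turns on, administrators need to know which devices still make vulnerable Netlogon connections and which ones have been given an exception. The following is an added example, not code from the original article or from Microsoft: it classifies accounts from a constructed event export using the Netlogon event IDs 5827 to 5831 that Microsoft documents for CVE-2020-1472. The CSV layout, column names and account names are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Netlogon event IDs logged by patched domain controllers for CVE-2020-1472
# (documented by Microsoft; they are not listed in the original article).
EVENT_MEANING = {
    5827: "denied: machine account",
    5828: "denied: trust account",
    5829: "allowed: vulnerable connection, before enforcement",
    5830: "allowed by exception: machine account",
    5831: "allowed by exception: trust account",
}

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_EXPORT = """\
TimeCreated,EventID,Account,OperatingSystem
2021-01-12T08:01:10,5829,NAS01$,unknown
2021-01-12T08:05:44,5829,NAS01$,unknown
2021-01-12T09:12:03,5830,LEGACYAPP$,Windows Server 2003
2021-01-13T11:30:00,5827,PRINTER7$,unknown
2021-01-13T11:45:19,4624,WS-042$,Windows 10
"""


def triage(export_text):
    """Group Netlogon secure-channel events by account and classify each account."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = int(row["EventID"])
        if event_id in EVENT_MEANING:  # skip events unrelated to Netlogon enforcement
            seen[row["Account"]].add(event_id)

    report = {}
    for account, ids in seen.items():
        if ids & {5827, 5828}:
            report[account] = "blocked"      # the DC already refused the connection
        elif 5829 in ids:
            report[account] = "will-break"   # works today, refused under enforcement
        else:
            report[account] = "excepted"     # explicitly allowed to stay vulnerable
    return report


if __name__ == "__main__":
    for account, status in sorted(triage(SAMPLE_EXPORT).items()):
        print(f"{account:12} {status}")
```

Accounts reported as `will-break` are the ones to update or replace before the enforcement date; `excepted` accounts remain exposed for as long as the exception stays in place.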

Considering the current situation of the internet and cybercrimes, this implementation would help businesses and individuals to minimize the risk of hacking.
