Microsoft reiterated a previous warning about patching a vulnerability affecting Windows Server after attacks that exploited the flaw were discovered in the wild.
The vulnerability known as Zerologon affects systems running Windows Server 2008 R2 and later, including the latest services using server versions that are based on Windows 10.
If the bug is exploited, it could give an attacker full access to a network, increase their administrative rights and take control of the domain.
As a result, Zerologon was awarded a maximum severity rating of 1
Microsoft patched the vulnerability on August 11th, but remains concerned that a significant portion of the affected organizations remain at risk.
Windows Server Vulnerability
Microsoft’s intervention follows one Emergency Policy issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which asked government agencies to update their systems to protect themselves from the bug.
The organization said it was responding to “a known or reasonably suspected threat, security vulnerability, or information security incident that poses a significant threat to an agency’s information security”.
The vulnerability was also described as an “unacceptable risk” that requires an “immediate and urgent response”.
Well in one Series of tweetsMicrosoft repeated the CISAs message: Companies should apply the patch as soon as possible.
“Microsoft is actively tracking the activities of threat actors through exploits for the [Zerologon vulnerability]. We have seen attacks that include public exploits in attacker playbooks, ”the company said.
“We will continue to monitor developments and update the threat assessment report with the latest information. We strongly encourage customers to apply security updates immediately, ”he added.
The company also shared three examples of exploits that it believes could be used to launch attacks on vulnerable companies.
Information on protecting against the Zerologon error can be found here conduct.