As most will hopefully have read by now, the ZEROLOGON vulnerability in Windows (CVE-2020-1472) is pretty wild. Basically, it amounts to bypassing the Windows Netlogon process by passing a series of zeros to it. Fun times!

Microsoft did issue a patch in their August 2020 updates here
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472, however I'm skeptical that people actually read the FAQ at the bottom of the article:

Image:ZEROLOGON and why you may not actually be protected

Notice that link in the highlighted section? Here it is
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

Which leads us to this nugget:


Image:ZEROLOGON and why you may not actually be protected

So your Domain Controllers are not fully protected? Admittedly this is a pretty confusing list of bullet points, but it does seem to suggest the patch reports on, as opposed to enforces against, non-Windows machines. My assumption seems to be backed up by this paragraph below that mentions enforcement will begin with the February 2021 Patch Tuesday:


Image:ZEROLOGON and why you may not actually be protected
OK, so you installed the patch and you're secure, right? From Windows devices? Looks like. From non-Windows? I don't believe so, unless you add this registry entry. Otherwise you are flying pants down until February, when Microsoft will do it for you:


Image:ZEROLOGON and why you may not actually be protected
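
One way to check the state described above on a domain controller, as an added example (not code from the original post or from Microsoft). The registry value name `FullSecureChannelProtection` and the Netlogon event IDs 5827-5831 are taken from the Microsoft support article linked earlier, not from this page's text; the function names and the 30-day window are assumptions.

```powershell
# Added example: run in an elevated session on each domain controller.
# Value name and event IDs come from Microsoft's KB4557222 article.
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ValueName      = 'FullSecureChannelProtection'

function Get-NetlogonEnforcement {
    # Returns 'Enforced', 'Disabled' (explicit 0) or 'NotSet' (value absent).
    $props = Get-ItemProperty -Path $NetlogonParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props)        { return 'NotSet' }
    if ($props.$ValueName -eq 1) { return 'Enforced' }
    return 'Disabled'
}

function Get-NetlogonSecureChannelEvents {
    # 5827/5828 = vulnerable connection denied
    # 5829      = vulnerable connection allowed (the ones to chase down)
    # 5830/5831 = vulnerable connection allowed by group policy exception
    param([int]$Days = 30)
    $filter = @{
        LogName   = 'System'
        Id        = 5827, 5828, 5829, 5830, 5831
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches, so silence that case.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object -Property Id |
        ForEach-Object {
            [pscustomobject]@{
                EventId = [int]$_.Name
                Count   = $_.Count
                Latest  = ($_.Group | Sort-Object TimeCreated -Descending |
                           Select-Object -First 1).TimeCreated
            }
        }
}

$state  = Get-NetlogonEnforcement
$events = @(Get-NetlogonSecureChannelEvents)
"{0}: enforcement mode is {1}" -f $env:COMPUTERNAME, $state
$events | Sort-Object EventId | Format-Table -AutoSize

if ($state -ne 'Enforced') {
    $allowed = $events | Where-Object { $_.EventId -eq 5829 }
    if ($allowed) { "Vulnerable connections are still being allowed: review the 5829 sources first." }
    # After fixing or excepting those devices, turn enforcement on:
    # New-ItemProperty -Path $NetlogonParams -Name $ValueName -PropertyType DWord -Value 1 -Force
}
```
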
Darren Duke | September 25 2020 11:08:39 AM | security