Zerologon – TheCyberThrone

Zerologon Enforcement Mode

The Netlogon distant code execution vulnerability, disclosed final August, has been weaponized by APT teams.Microsoft has launched part two mitigation for the important Zerologon vulnerability disclosed in August 2020. CVE-2020-1472…

PravinKarthik February 12, 2021

Windows Zero Logon Enforcement

By Feb 2021 Patch Tuesday Microsoft will allow Domain Controller “enforcement mode” by default to handle CVE-2020-1472. Microsoft is having issues when it arrives to providers that haven’t still up-to-date…

PravinKarthik January 16, 2021

Sopra Steria …. Ryuked.. Services down

IT services provider Sopra Steria has confirmed that it was hit by a “new version” of the Ryuk ransomware that was “previously unknown to antivirus software providers and security agencies”.…

PravinKarthik October 26, 2020

TA 505 ! Exploits Zerologon

Microsoft in september released a statement on Netlogon vulnerability that persisted in windows server active directory . Tracked this Vulnerability as CVE 2020-1472 elevation of privilege,The flaw exists when an…

PravinKarthik October 10, 2020

Zero Logon actively expolited by Iran Mercury APT

Microsoft is warning that an Iranian nation-state actor is now actively exploiting the Zerologon vulnerability (CVE-2020-1472), adding fuel to the fire as the severe flaw continues to plague businesses. The…

PravinKarthik October 7, 2020

Zerologon ! Goes Wild

Threat actors are activly exploiting the Windows Server Zerologon vulnerability in recent attacks. Microsoft strongly recommends all Windows administrators to install the security updates.As part of the August 2020 Patch…

PravinKarthik September 24, 2020

CVE 2020-1472 – Exploit goes wild

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon…

PravinKarthik September 14, 2020