A patch was released by Microsoft in August of 2020 for this level 10 critical security vulnerability reported by Tom Tervoort, Senior Security Researcher at Secura.
When the patch was released in August, there were no reported exploits publicly published. However, on Monday, September 14th, The Cybersecurity and Infrastructure Agency (CISA) reported finding a publicly published exploit of “Zerologon”.
Best practice is to always “patch early and often” but the publishing of the exploit raises the urgency to get systems patched. The service “Netlogon” is the vulnerable service that has the “Zerologon” vulnerability that can be exploited.
If you haven’t patched your Windows servers and especially your domain controllers, we highly suggest you get it scheduled ASAP!
You can read more detail from the Software Engineering Institute’s CERT Coordination Center. Additionally in the CERTCC report, there is content on further mitigation that can be performed that will also be part of a second round of patching from Microsoft in the February 2021 timeframe.
