Antivirus

Microsoft warns that hackers are exploiting a severe Windows security flaw

Homeland Security issued a rare warning about a Windows Server vulnerability that would give attackers complete control of every computer on a network. The CISA warning said at the time that it assumes active exploitation is occurring in the wild, advising everyone to apply the August patch that Microsoft release. Microsoft on Thursday noted that…

Homeland Security issued a rare warning about a Windows Server vulnerability that would give attackers complete control of every computer on a network.
The CISA warning said at the time that it assumes active exploitation is occurring in the wild, advising everyone to apply the August patch that Microsoft release.
Microsoft on Thursday noted that it has already observed attacks that incorporate the new Windows flaw.

Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency alert last week, over what appears to be one of the worst Windows flaws in recent history. Security researchers have identified a vulnerability so severe that it received a maximum severity score (10.0), prompting the agency to advise all governmental agencies to update their computers using Microsoft’s first patch for the issue that was launched a few weeks ago. The issue is so severe that a second update will be released early next year to further deal with the matter.

When CISA released the warning, it advised everyone to “go get patching,” including governmental agencies, state and local governments, private companies, and the general public. It also said at the time that it assumed that “active exploitation of this vulnerability is occurring in the wild.” Microsoft has since confirmed those assumptions, indicating that it found evidence of hackers taking advantage of the Zerologon vulnerability.

Zerologon is very dangerous because it allows malicious individuals to take over computers on a network without stealing any credentials beforehand. The attack involves forging an authentication token for a Netlogon functionality, which then opens doors to everything.

A flaw in a cryptographic authentication scheme makes it all possible. After access is granted to the network, the attackers could infect computers with additional malware and extract data from those computers.

Microsoft tweeted an updated on the matter on Thursday, saying that it is “is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon.” The company said that it observed “attacks where public exploits have been incorporated into attacker playbooks,” without detailing any security incidents.

Despite the warning from CISA, not everyone may have patched their network, which explains why some hackers might already be exploiting the attack. The flaw affects most supported versions of Windows Server, KrebsOnSecurity explains. That includes Server 2008 through Server 2019.

Most Windows users would not even have to deal with the patch themselves. Still, they could be directly impacted if the governmental agency or company they worked at is targeted via a Zerologon attack before admins patch the network.

Microsoft might not be the only company to have observed malicious activity involving the new exploit. Tenable research engineering manager Scott Caveza said that samples of .NET executables called “SharpZeroLogon.exe” had been uploaded to VirusTotal, a Google service that scans suspicious files against antivirus programs.
Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Antivirus

Bitdefender Antivirus for Mac review: Excellent protection held back by frustrating flaws

Macworld At a GlanceExpert’s Rating Pros Excellent malware detection Fast scan performance Very low system impact Effective ransomware protection Generous 30-day free trial Cons InConsistent phishing protection Chat Protection needs improvement No scheduled scans Log export unavailable VPN requires separate subscription Our Verdict Bitdefender Antivirus for Mac remains one of the stronger security suites available

Macworld

At a GlanceExpert’s Rating

Pros

Excellent malware detection

Fast scan performance

Very low system impact

Effective ransomware protection

Generous 30-day free trial

Cons

InConsistent phishing protection

Chat Protection needs improvement

No scheduled scans

Log export unavailable

VPN requires separate subscription

Our Verdict
Bitdefender Antivirus for Mac remains one of the stronger security suites available for macOS…
Read More

Continue Reading
Antivirus

I Turned Off All Antivirus Protection for a Week. Here’s What I Learned

Disabling my antivirus for a week taught me that the most important security tool you have isn’t software…

Disabling my antivirus for a week taught me that the most important security tool you have isn’t software…
Read More

Continue Reading
Antivirus

Malware Has Gotten Smarter. Here’s How Your Antivirus Has, Too

Antivirus software used to hunt for known malware, but now it’s predicting suspicious behavior before an attack fully lands…

Antivirus software used to hunt for known malware, but now it’s predicting suspicious behavior before an attack fully lands…
Read More

Continue Reading
Antivirus

Why There’s Simply No Need For Android Antivirus Apps Anymore

Many Android users install an antivirus app on a new device without thinking twice. In 2026, there are good reasons to skip that step entirely…

Many Android users install an antivirus app on a new device without thinking twice. In 2026, there are good reasons to skip that step entirely…
Read More

Continue Reading