The Cybersecurity and Infrastructure Security Agency (CISA) issued another alert for Zerologon which underscores the importance for organisations to apply the Zerologon patches as soon as possible.
Please find below a quote from Satnam Narang, Staff Research Engineer at Tenable.
“Since September, the Cybersecurity and Infrastructure Security Agency (CISA) has published several advisories detailing state-sponsored threat activity targeting known but unpatched vulnerabilities.
Despite multiple warnings about one such vulnerability – Zerologon – from both government agencies and Microsoft, attackers continue to actively exploit the flaw in the wild. Additionally, there is a new report that ransomware groups are also using the flaw as part of their attack toolkit. This vulnerability remains a hot commodity for attackers as each and every domain controller must be updated to thwart an attack. CISA warned that cybercriminals can exploit a vulnerable system within minutes.
There is a reason attackers continue to target Zerologon – they continue to find vulnerable systems. This latest alert underscores the importance for organisations to apply the Zerologon patches as soon as possible.”