OOOHHH!! SCARY HALLOWEEN STORY!! Microsoft US election warning:Attackers hit Windows 10 Netlogon flaw

Microsoft has warned Windows 10 customers that it has received
"a small number of reports" about attacks on its Netlogon
protocol, which it patched in August.

The Windows maker issued another alert on Thursday following its
warning in September that attackers were exploiting the
elevation of privilege vulnerability affecting the Netlogon
Remote Protocol (MS-NRPC).

It's a protocol used by admins for authenticating Windows Server
as a domain controller. The flaw it contained was serious enough
for the Department of Homeland Security's Cybersecurity and
Infrastructure Security Agency (CISA) to order US government
agencies to apply Microsoft's patch for the bug – tracked as CVE-
2020-1472 but also called Zerologon – within three days of its
release in the August Patch Tuesday update.

SEE: Security Awareness and Training policy (TechRepublic
Premium)

Defensive security researchers found that the bug was easy to
exploit, making it a prime target for more opportunistic
attackers. But when Microsoft released the patch on Tuesday,
August 11, some system admins were not aware of its severity.

Attackers could exploit the flaw to run malware on a device on
the network after spoofing Active Directory domain controller
accounts. As a weapon, it had the added bonus of publicly
available proof-of-concept Zerologon exploits soon after
Microsoft released its patch.

CISA warned agencies to patch the flaw swiftly because Windows
Server domain controllers are widely used in US government
networks, and the bug had a rare severity rating of 10 out of
10. It prompted CISA to direct agencies to apply the patch on
the same week as Microsoft's August 11 patch was released.

Microsoft has updated its support document for the bug to
provide further clarity. It recommends that admins update Domain
Controllers with the patch, monitor logs for devices making
connections to the server, and to enable enforcement mode.

Microsoft and CISA are particularly concerned that the flaw
could be used to by cyber attackers to disrupt the US elections.
The company in September warned that Chinese, Iranian, and
Russian hackers had targeted the Biden and Trump campaigns.

"We contacted CISA, which has issued an additional alert to
remind state and local agencies, including those involved in the
US elections, about applying steps necessary to address this
vulnerability," Microsoft said.

The bug was serious enough for Microsoft to issue a registry key
that helped admins enable 'enforcement mode' before the company
makes that mode mandatory on February 9, 2021.

https://www.zdnet.com/article/micros...ction-warning-
attackers-hit-windows-10-netlogon-flaw/

On 2020-10-30 13:59, mail.zip2.in Anonymous Remailer wrote:
CVE-2020-1472

also affects SAMBA domain controllers, FYI


--
(aka 'Bombastic Bob' in case you wondered)

'Feeling with my fingers, and thinking with my brain' - me

'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"