Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Microsoft US election warning: Attackers hit Windows 10 Netlogon flaw

October 30, 2020
in Internet Security
Microsoft US election warning: Attackers hit Windows 10 Netlogon flaw
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has warned Windows 10 customers that it has received “a small number of reports” about attacks on its Netlogon protocol, which it patched in August. 

The Windows maker issued another alert on Thursday following its warning in September that attackers were exploiting the elevation of privilege vulnerability affecting the Netlogon Remote Protocol (MS-NRPC). 

You might also like

These new vulnerabilities put millions of IoT devices at risk, so patch now

Who do I pay to get the ‘phone’ removed from my iPhone?

Criminals spread malware using website contact forms with Google URLs

It’s a protocol used by admins for authenticating a Windows Server as a domain controller. The flaw it contained was serious enough for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to order US government agencies to apply Microsoft’s patch for the bug – tracked as CVE-2020-1472 but also called Zerologon –  within three days of its release in the August Patch Tuesday update.

Defensive security researchers found that the bug was easy to exploit, making it a prime target for more opportunistic attackers. But when Microsoft released the patch on Tuesday, August 11, some system admins were not aware of its severity. 

Attackers could exploit the flaw to run malware on a device on the network after spoofing Active Directory domain controller accounts. As a weapon, it had the added bonus of publicly available  proof-of-concept Zerologon exploits soon after Microsoft released its patch. 

CISA warned agencies to patch the flaw swiftly because Windows Server domain controllers are widely used in US government networks, and the bug had a rare severity rating of 10 out of 10. It prompted CISA to direct agencies to apply the patch on the same week as Microsoft’s August 11 patch was released.

Microsoft has updated its support document for the bug to provide further clarity. It recommends that admins update Domain Controllers with the patch, monitor logs for devices making connections to the server, and to enable enforcement mode. 

Microsoft and CISA are particularly concerned that the flaw could be used to by cyber attackers to disrupt the US elections. The company in September warned that Chinese, Iranian, and Russian hackers had targeted the Biden and Trump campaigns.

“We contacted CISA, which has issued an additional alert to remind state and local agencies, including those involved in the US elections, about applying steps necessary to address this vulnerability,” Microsoft said. 

The bug was serious enough for Microsoft to issue a registry key that helped admins enable ‘enforcement mode'” before the company makes that mode mandatory on February 9, 2021.   

Credit: Zdnet

Previous Post

Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers

Next Post

(2020-2026) Data Science and Machine Learning Service Market Growth Analysis, Opportunities, Trends, Developments and Forecast – Aerospace Journal

Related Posts

These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Criminals spread malware using website contact forms with Google URLs
Internet Security

Criminals spread malware using website contact forms with Google URLs

April 13, 2021
Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
Internet Security

Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

April 13, 2021
Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
Next Post
(2020-2025) Data Science and Machine Learning Service Market – Trends & Leading Players| Industry Size, Growth, Segments, Revenue, Manufacturers & Forecast Research Report

(2020-2026) Data Science and Machine Learning Service Market Growth Analysis, Opportunities, Trends, Developments and Forecast – Aerospace Journal

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome
Data Science

6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome

April 13, 2021
ANZ Bank: We’ve been using machine learning for 20 years
Machine Learning

ANZ Bank: We’ve been using machine learning for 20 years

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Robust Artificial Intelligence of Document Attestation to Ensure Identity Theft
Data Science

Robust Artificial Intelligence of Document Attestation to Ensure Identity Theft

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • These new vulnerabilities put millions of IoT devices at risk, so patch now April 13, 2021
  • BRATA Malware Poses as Android Security Scanners on Google Play Store April 13, 2021
  • 6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome April 13, 2021
  • ANZ Bank: We’ve been using machine learning for 20 years April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates