Freely subscribe to our NEWSLETTER

Claire Tills, senior research engineer with Tenable’s Security Response Team has analysed the significant moments in Zerologon’s timeline offering the following observations:

“In a year of headline-making vulnerabilities and incidents, Zerologon (CVE-2020-1472) stands out due to its widespread adoption by threat actors and it’s checkered disclosure timeline.

“The summer of 2020 was an exhaustingly busy few months in the cybersecurity sector. Just in the scheduled, recurring security releases from Oracle, Microsoft and Adobe, over 800 vulnerabilities were added to prioritization queues between July 14 and September 10, 2020.

“Microsoft itself patched 120 CVEs in August, including Zerologon, rating the vulnerability ‘Critical’ and scoring it 8.8, stating that exploitation was ‘less likely.’ However, and the timeline is a little sketchy, later that day Microsoft updated its guide re-scoring Zerologon as 10.0 with exploitation ‘more likely.’ This could be the reason it received limited mention in most Patch Tuesday analyses.

“Defenders rely on accurate, timely information from vendors in order to make effective prioritization decisions. The less information they receive or the more inaccurate it is, the harder it gets for the industry to defend from attackers.”

Claire has published her full analysis of Zerologon in a blog post. A more detailed overview of the 2020 vulnerability season, and how Zerologon fits into the larger security landscape, are covered in Tenable’s Threat Landscape Retrospective report.