September 2020 by Jeff Costlow, ExtraHop CISO
“The Zerologon vulnerability (CVE-2020-1472) reported in Microsoft’s August Patch Tuesday now has at least one public proof-of-concept (POC) exploit and we expect it to soon be actively exploited in the wild. This vulnerability is an easy exploit for attackers to deploy and will surely cause problems for organizations who have not yet patched their Active Directory systems. The first POCs have shown that unauthenticated attackers are able to obtain full administrator privileges on Active Directory systems. Any organizations without the ability to detect exploit attempts will remain at high risk if they delayed the patch, as there is no way to know if they were exposed in between the time of reporting and the system update. We urge organizations to patch immediately and be aware that their system might have already been compromised.”