According to a tweet from Microsoft’s Security Intelligence team, they’ve observed that a nation-state actor has been leveraging CVE-2020-1472, a critical elevation of privilege vulnerability in Netlogon. Researchers named this vulnerability “Zerologon” because of how the exploit abuses the initialisation vectors within the logon process, which are set to zeros rather than being randomly generated.
Please find below a comment from Rody Quinlan, Security Response Manager at Tenable:
“Given the large availability of working proof of concepts (PoCs), and overall impact from exploitation, it’s unsurprising that known groups are looking to take advantage of this Netlogon vulnerability, dubbed Zerologon. Exploitation, if successful, allows the complete takeover of the Windows domain – that’s the virtual equivalent of the keys to the kingdom. A quick search on GitHub reveals that there are currently at least 40 repositories containing PoC code relating to this flaw. There are also working exploit scripts that defenders and attackers alike can utilize to exploit this vulnerability. This is going to be one of the more favourable vulnerabilities this year for malicious parties and it’s imperative that organizations either patch or take remediative action immediately to prevent systems from being compromised.”
HP recently published a security bulletin to address multiple vulnerabilities in HP Device Manager, software that’s used to manage HP Thin Clients remotely. The three vulnerabilities disclosed to HP by security researcher Nick Bloor warned that a combination of these vulnerabilities could allow an attacker to gain remote command execution on the vulnerable system through the HP Device Manager.
Please find below a comment from Satnam Narang, Staff Research Engineer at Tenable. A full analysis of the vulnerabilities is available here.
“HP Device Manager is a popular software solution used to manage HP Thin Clients remotely. The three vulnerabilities disclosed in HP’s recent security bulletin by themselves are notable. However, a pair of the flaws, CVE-2020-6926 and CVE-2020-6927, when combined could allow an attacker to gain remote command execution on the vulnerable system through the HP Device Manager. HP has so far released patches for the 5.0.x branch of HP Device Manager, so organizations using this particular branch release should upgrade to 5.0.4 as soon as possible. If an organization is using a previous version of HP Device Manager, there are mitigation steps in HP’s security bulletin that can be taken to protect against these attacks until a patch becomes available.”
19 comments
purchase atorvastatin online atorvastatin 80mg brand atorvastatin cheap
ciprofloxacin order online – buy amoxicillin 500mg generic
erythromycin cost
ivermectin 12mg pills – buy generic sumycin for sale sumycin 250mg tablet
furosemide ca – order coumadin online generic capoten
purchase glucophage without prescription – purchase lincomycin generic buy lincomycin tablets
order retrovir sale – buy glucophage online cheap cheap zyloprim
clozaril 100mg tablet – order clozapine generic buy generic famotidine 20mg
anafranil for sale online – asendin 50mg cheap sinequan 75mg without prescription
buy generic amoxicillin for sale – buy ceftin pill baycip pill
cleocin 300mg pill – oral cefixime 100mg chloramphenicol usa
cost albuterol – buy theophylline 400 mg online theo-24 Cr usa
ivermectin dosage – buy ivermectin uk order cefaclor without prescription
order glyburide 5mg without prescription – order micronase 2.5mg buy forxiga cheap
repaglinide pill – repaglinide online buy empagliflozin 10mg generic
glycomet 500mg generic – order sitagliptin 100mg online order acarbose 50mg online
brand ketoconazole – how to get mentax without a prescription order sporanox without prescription
brand digoxin – digoxin 250 mg without prescription purchase furosemide online
famciclovir 500mg generic – order valaciclovir 1000mg online cheap buy valcivir paypal
buy hydrochlorothiazide without a prescription – zebeta tablet order bisoprolol for sale