ZeroLogon – Are you ready?
Over 20 years ago there was mass panic within industry when Y2K issues and worries swept the world. We are now faced with issues brought on by an error at Microsoft potentially affecting server/domain logons from 19th February 2021. This potentially affects Windows Servers, Windows 7 to 10 Clients, and Linux devices.
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.
So, what’s next?
Now, Microsoft has announced that it will enforce the use of Secure RPC.
“beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use Secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.”