The Cybersecurity and Infrastructure Security Agency (CISA) issued another alert for Zerologon which underscores the importance for organisations to apply the Zerologon patches as soon as possible.
Satnam Narang, Staff Research Engineer at Tenable, says,
“Since September, the Cybersecurity and Infrastructure Security Agency (CISA) has published several advisories detailing state-sponsored threat activity targeting known but unpatched vulnerabilities.
Despite multiple warnings about one such vulnerability – Zerologon – from both government agencies and Microsoft, attackers continue to actively exploit the flaw in the wild. Additionally, there is a new report that ransomware groups are also using the flaw as part of their attack toolkit. This vulnerability remains a hot commodity for attackers as each and every domain controller must be updated to thwart an attack. CISA warned that cybercriminals can exploit a vulnerable system within minutes.
There is a reason attackers continue to target Zerologon – they continue to find vulnerable systems. This latest alert underscores the importance for organisations to apply the Zerologon patches as soon as possible.”