CVE-2020-1472: The Netlogon exploit that provides complete control of your Windows system to hackers easily. Patch now

A team of specialists from a malware analysis course has revealed an exploit for a newly fixed Windows Home vulnerability that could be exploited to access an organization’s Lively Listing area drivers, which function as the primary guardian of network-linked devices. 

Identified as CVE-2020-1472, the flaw received a high score according to Microsoft, and requires a threat actor to achieve a way to establish the target network, either as a non privileged user or by compromising a linked system.  

La imagen tiene un atributo ALT vacío; su nombre de archivo es windows15092020.jpg

These post-compromise exploits have proved increasingly valuable to ransomware or adware operator groups and even for spying purposes, and also only require victims to click on malicious links.

Although it can be very difficult for threat actors to scale privileges starting at a low level, this is where Zerologon becomes important, an exploit developed by experts from a Secura security firm malware analysis course. The exploit allows threat actors immediate access to Live Listing management, from where they can deploy all kinds of malicious activities.

Researchers say the exploit is 100% functional, although it won’t be publicly available until Microsoft releases a patch to fix the vulnerability completely. In addition, the researchers mention that the first patch released by the company may be abused to develop another exploit.

According to specialists in the malware analysis course, Zerologon works by sending a chain of zeros between multiple messages that use the Netlogon protocol, on which Windows Home servers depend to deploy multiple tasks. An unauthenticated user can use the exploit to obtain administrative credentials as long as hackers have the flexibility to determine TCP connections to a vulnerable area controller. It appears that the flaw exists due to the implementation of AES-CFB8 on Windows, although it could also be an issue related to the use of the AES encryption protocol.

In a security alert, Microsoft mentioned: “A security update was released in August 2020; customers who apply the installation have protection against the exploitation of this flaw.” 

While some users claim that the flaw is not really critical, the researchers argue that this argument is at odds with the in-depth defense precept, which advocates creating a number of layers of protection that anticipate cost-effective violations and create redundancies to mitigate them.