Patch this critical server vulnerability now, Microsoft warns

Microsoft has reiterated an earlier warning to patch against a vulnerability affecting Windows Server, after attacks exploiting the bug were identified in the wild.

Known as Zerologon, the vulnerability affects systems running Windows Server 2008 R2 and later, including recent services using versions of Server based on Windows 10.

If exploited, the flaw could allow an attacker to gain full access to a network, escalate their administrative privileges and seize control of the domain.

As a result, Zerologon has been handed a maximum severity rating of 10/10 by the Common Vulnerability Scoring System (CVSS).

Microsoft remedied the vulnerability with a patch on August 11, but remains concerned that a significant proportion of affected organizations are still at risk.

Windows Server vulnerability

Microsoft’s intervention follows an emergency directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which urged government agencies to update their systems to safeguard against the flaw.

The organization claimed to be reacting to “a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency.”

The vulnerability was further described as posing an “unacceptable risk” that therefore demands an “immediate and emergency reaction”.

Now, in a series of tweets, Microsoft has reiterated CISA's message: that businesses should install the patch as soon as possible.

“Microsoft is actively tracking threat actor activity using exploits for the [Zerologon vulnerability]. We have observed attacks where public exploits have been incorporated into attacker playbooks,” explained the firm.

“We’ll continue to monitor developments and update the threat analytics report with the latest info. We strongly recommend customers to immediately apply security updates,” it added.

The company also shared three exploit samples that it believes are being used to launch attacks on vulnerable businesses.

For information on how to protect against the Zerologon flaw, consult this guide.
