PDQ.com mobilePDQ.com desktop

(CVE-2020-1472) 'ZeroLogon' Vulnerability

Jordan Hammond

Remember back in August how I wrote about how “There is nothing near as severe as we got from Sigred”? Well, it turns out this was not entirely accurate. You see, there was a patch (CVE-2020-1472) included that, based on the title, made it seem like it was not a massive deal. I didn't even have it in my Lowlights section. It turns out that we all missed something significant here. Secura released a blog covering exactly what that bug means, and it is pretty damn bad. So let’s take a look at why ZeroLogon is rated a 10/10 by the CVSS. You can watch our accompanying video to this blog post here or keep reading below.

How Does It work

All an attacker would need is the ability to set up a TCP connection (HTTPS, SMTP, FTP, or SSH), and they can take over your environment. They do not even need any domain credentials. Using a flaw in a cryptographic protocol used to prove the authenticity of a domain-joined computer, they are able to spoof the identity of any machine, including a Domain Controller, and set a blank password. A hacker could completely take over your domain in seconds.

So What Can We Do

Luckily, this was patched in August, a full month before Secura released the white papers on this. If you are keeping your environment patched, you are fine. If you are behind, then it just became EXTREMELY critical that you patch now. This exploit is now known to the public, the risk for systems that are out of date just went through the roof. Are you patched and still feeling skittish about how things stand? I feel you, and luckily Securas work with this has been top-notch, and they even included a tool that will allow you to test your environment to make sure you are secure. If we are going to learn anything from this, it is that even when things don’t look super bad on the surface, it is probably best to maintain your vigilance in keeping everything patched.

Ready to get started with PDQ Deploy & Inventory?

Take our 14-day Free Trial.
This round is on us!

Don't miss the next post!

September 2020 Patch Tuesday Vulnerabilities

September 2020 Patch Tuesday Updates and Vulnerabilities

© 2020 PDQ.com Corporation


  • PDQ Deploy
  • PDQ Inventory
  • PDQ Link
  • Enterprise SL
  • Pricing
  • Downloads
  • Licensing
  • Buy