TL;DR: Additional, non-all zeroes challenge strings, to exploit Zerologon

The recently discovered Zerologon vulnerability (CVE-2020-1472) is one of the most dangerous Windows’ security issues exposed in recent years. Zerologon enables attackers to take over a whole Windows domain, and therefore its criticality appropriately scored the ultimate, perfect 10 CVSS score.

Microsoft released a patch for this issue on August, but it got the deserved attention only after the discovering party, Secura, released their technical report on September. Once the technical details were exposed, multiple exploits were publicly released, requiring an emergency directive for federal agencies to patch immediately. …

About

Tal Be'ery

All things CyberSecurity. Security Research Manager. Co-Founder @ZenGo (KZen). Formerly, VP of Research @ Aorato acquired by @Microsoft ( MicrosoftATA)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store