Description

The branded Zerologon vulnerability is related to a critical vulnerability (CVE-2020-1472) in Windows Server that has received a CVSS score of 10.0 from Microsoft. It consists of an elevation of privileges that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). This vulnerability allows attackers to compromise a domain and acquire domain administrators privileges.

See Also

Secura Zerologon whitepaper

Microsoft documentation about CVE-2020-1472

Microsoft security update

Indicator Details

Name: Zerologon Exploitation

Codename: I-Zerologon

Severity: Critical

MITRE ATT&CK Information:
ID: T1210
Sub-technique of: T1210
Tactic: TA0008