Article 5968Y Hackers are using a severe Windows bug to backdoor unpatched servers

Hackers are using a severe Windows bug to backdoor unpatched servers

by
Dan Goodin
from Ars Technica - All content on (#5968Y)
server-admins-800x617.jpg

Enlarge (credit: Getty Images)

One of the most critical Windows vulnerabilities disclosed this year is under active attack by hackers who are trying to backdoor servers that store credentials for every user and administrative account on a network, a researcher said on Friday.

Zerologon, as the vulnerability has been dubbed, gained widespread attention last month when the firm that discovered it said it could give attackers instant access to active directories, which admins use to create, delete, and manage network accounts. Active directories and the domain controllers they run on are among the most coveted prizes in hacking because once hijacked, they allow attackers to execute code in unison on all connected machines. Microsoft patched CVE-2020-1472, as the security flaw is indexed, in August.

On Friday, Kevin Beaumont, working in his capacity as an independent researcher, said in a blog post that he had detected attacks on the honeypot he uses to keep abreast of attacks hackers are using in the wild. When his lure server was unpatched, the attackers were able to use a powershell script to successfully change an admin password and backdoor the server.

Read 6 remaining paragraphs | Comments

index?i=7TMwZkbhELY:yMDta5QiVRs:V_sGLiPB index?i=7TMwZkbhELY:yMDta5QiVRs:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments