Microsoft has warned system administrators that pushing security updates that fix a vulnerability in Windows called Zerologon will begin next month.
Zerologon is a Critical Vulnerability ( CVE-2020-1472 ) with a maximum score of 10 on the CVSS Severity Scale. With its help, attackers can elevate privileges to a domain administrator and seize control of the domain.
A fix for the vulnerability was released as part of the August Patch Tuesday. The patch enables a secure connection using Remote Procedure Call (RPC). It also registers any incompatible devices in the environment so that system administrators can replace them before enforcing.
With the release of the next scheduled updates in February 2021, Microsoft will start automatically enabling secure connections using RPC for all devices on the network and will no longer register incompatible devices.
The company also presented an upgrade plan that includes the following procedures:
- Updating domain controllers with updates released on August 11, 2020.
- Identification of devices establishing a vulnerable connection by monitoring the event log.
- Performing addressing of incompatible devices establishing vulnerable connections;
- Enabling the forced fix mode for the Zerologon vulnerability.