Zerologon Patches Roll Out Beyond Microsoft
What if you have an older server? Like a Windows Server 2008?
The Zerologon was a problem that was patched in August on a patch Tuesday of course.
Race to patch as Microsoft confirms Zerologon attacks in the wild
article also from ComputerWeekly.com
Bottom line is that the vulnerability with Microsoft systems is being abused by hackers, and unfortunately some machines can’t be patched.
from the Threatpost story: {Microsoft did issue a patch for the flaw in August, during its regularly scheduled Patch Tuesday updates. However, not all systems are compatible with the fix, according to Mitja Kolsec, CEO and co-founder at 0patch, which issued a “micropatch” of its own for the bug.} For example Windows Server 2008R2 is at EOL (End Of Life) So there were no patches for that operating system.
Lucky for those unfortunate few there is a company (zeropatch or 0patch) has a micropatch available for those that have not upgraded yet.
This particular case is typical in the world of Information technology Security in that there are always a few systems which are harder to patch or upgrade and thus are susceptible to vulnerabilities.
So in the long term one has to make the changes necessary to watch your operating systems when they become EOL and update the systems or if possible upgrade/change the computer (a new OS in a new computer). The problem is that some software does not change with the times as quick as one would like. You may be using software that has not updated their code quick enough since Microsoft changes the technologies so quickly that the small software company may not be able to keep up.
This is not a new issue, and when you buy software you have to keep an eye on updates since if the company does not create enough updates there may be a situation when it is too late, and now the software needs to be replaced.
There is another option and that is to isolate the old system – to use a Next generation firewall to protect the system. I.e. port 200 is vulnerable and then deny port 200 to be used. But this method may not be possible as the port may be needed for users.
Microsoft’s states that there are no
Mitigations available: “Microsoft has not identified any mitigating factors for this vulnerability.” for the August patch which is typical.
The proper patch will be available in early 2021.
After patching one still needs to deploy Domain Controller enforcement mode as noted in Microsoft’s information:
Do I need to take further steps to be protected from this vulnerability?
Yes. After installing the security updates released on August 11, 2020, you can deploy Domain Controller (DC) enforcement mode now or wait for the Q1 2021 update. See How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 for more details.
Contact Us to discuss your specific needs