Domain Controller Exploit
Rated 10 out of 10 on the Common Vulnerability Scoring System (CVSS).
Secura's digital security advisors and researchers have discovered a highly critical vulnerability in Active Directory domain controllers. It allows attackers to instantly gain control of the Active Directory domain. Deploying the August 11, 2020 security update (or a later release) to every domain controller is the most critical first step toward addressing this vulnerability.
Finding the domain controller's IP address: on the domain controller, open PowerShell and execute the ipconfig command. I added a mitigation section at the end of the post, as well as events from a patched domain controller when attempting to exploit, in the events section. Enter Zerologon, an exploit developed by researchers from the security firm Secura.
I successfully ran the exploit using a non-domain-joined Windows computer on the network, without admin credentials. Once fully deployed, Active Directory domain controller and trust accounts will be protected alongside Windows domain-joined machine accounts. Make a note of its IP address.
This vulnerability has been named Zerologon by the cybersecurity firm Secura, and when exploited it allows attackers to elevate their privileges to domain administrator and take control of a domain. From there they will have free rein to do. CVE-2020-1472, aka Zerologon, affects all supported Windows Server versions, but the danger is highest for servers that function as Active Directory domain controllers in enterprise networks.
There are detection methods available to ensure that attempts to exploit MS14-068 are identified and flagged. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access.