Domain Controller Archives

Microsoft issues guidance on mitigating PetitPotam NTLM relay attacks

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 28, 2021 / AD SC, Certificate Authority, Domain Controller, EPA, IIS, NTLM, PetitPotam, Relay Attack, SMB, Windows

Microsoft has issued guidance on mitigating PetitPotam NTLM relay attacks against Windows domain controllers or other Windows servers.

Microsoft launches Phase 2 fix for Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 11, 2021 / CVE-2020-1472, Domain Controller, Microsoft, MS-NRPC, Windows

Microsoft has announced the launch of Phase 2 permanent fix for a Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) that was patched last August.

Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 15, 2020 / CVE-2020-1472, Domain Controller, Microsoft, MS-NRPC, Netlogon, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) issued a new security advisory warning of publicly available exploit code for a Microsoft Netlogon vulnerability CVE-2020-1472. Researchers have dubbed the vulnerability ‘Zerologon’ that could allow attackers to hijack Windows domain controllers.

TrickBot trojan updates propagation module with nworm to evade detection

Malware / By Frank Crast / June 2, 2020 / Active Directory, Domain Controller, mshare, nworm, Palo Alto Networks, SMB, Trickbot, Windows

TrickBot recently replaced one of its propagation modules “mworm” with new module named “nworm.” The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.