Microsoft issues guidance on mitigating PetitPotam NTLM relay attacks
Microsoft has issued guidance on mitigating PetitPotam NTLM relay attacks against Windows domain controllers or other Windows servers.
Domain Controller
Microsoft launches Phase 2 fix for Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
Microsoft has announced the launch of Phase 2 permanent fix for a Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) that was patched last August.
Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon
The Cybersecurity and Infrastructure Security Agency (CISA) issued a new security advisory warning of publicly available exploit code for a Microsoft Netlogon vulnerability CVE-2020-1472. Researchers have dubbed the vulnerability ‘Zerologon’ that could allow attackers to hijack Windows domain controllers.
TrickBot trojan updates propagation module with nworm to evade detection
TrickBot recently replaced one of its propagation modules “mworm” with new module named “nworm.” The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.