Patch this critical server vulnerability now, Microsoft warns


Microsoft has reiterated an earlier warning to patch against a vulnerability affecting Windows Server, after attacks exploiting the bug were identified in the wild.

Known as Zerologon, the vulnerability affects systems running Windows Server 2008 R2 and later, including recent services using versions of Server based on Windows 10.

If exploited, the flaw could allow an attacker to gain full access to a network, escalate their administrative privileges and seize control of the domain.

As a result, Zerologon has been handed a maximum severity rating of 10/10 by the Common Vulnerability Scoring System (CVSS).

Microsoft remedied the vulnerability with a patch on August 11, but remains concerned that a significant proportion of affected organizations are still at risk.

Windows Server vulnerability

Microsoft’s intervention follows an emergency directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which urged government agencies to update their systems to safeguard against the flaw.

The organization claimed to be reacting to “a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency.”

The vulnerability was further described as posing an “unacceptable risk” that therefore demands an “immediate and emergency reaction”.

Now, in a series of tweets, Microsoft has reiterated CISA's message: that businesses should install the patch as soon as possible.

“Microsoft is actively tracking threat actor activity using exploits for the [Zerologon vulnerability]. We have observed attacks where public exploits have been incorporated into attacker playbooks,” explained the firm.

“We’ll continue to monitor developments and update the threat analytics report with the latest info. We strongly recommend customers to immediately apply security updates,” it added.

The company also shared three exploit samples that it believes are being used to launch attacks on vulnerable businesses.

For information on how to protect against the Zerologon flaw, consult this guide.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.