Microsoft has reiterated an earlier warning to patch against a vulnerability affecting Windows Server, after attacks exploiting the bug were identified in the wild.
Known as Zerologon, the vulnerability affects systems running Windows Server 2008 R2 and later, including recent services using versions of Server based on Windows 10.
If exploited, the flaw could allow an attacker to gain full access to a network, escalate their administrative privileges and seize control of the domain.
As a result, Zerologon has been handed a maximum severity rating of 10/10 by the Common Vulnerability Scoring System (CVSS).
Microsoft remedied the vulnerability with a patch on August 11, but remains concerned that a significant proportion of affected organizations are still at risk.
Windows Server vulnerability
Microsoft’s intervention follows an emergency directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which urged government agencies to update their systems to safeguard against the flaw.
The organization claimed to be reacting to “a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency.”
The vulnerability was further described as posing an “unacceptable risk” that therefore demands an “immediate and emergency reaction”.
Now, in a series of tweets, Microsoft has reiterated CISA's message: that businesses should install the patch as soon as possible.
“Microsoft is actively tracking threat actor activity using exploits for the [Zerologon vulnerability]. We have observed attacks where public exploits have been incorporated into attacker playbooks,” explained the firm.
“We’ll continue to monitor developments and update the threat analytics report with the latest info. We strongly recommend customers to immediately apply security updates,” it added.
The company also shared three exploit samples that it believes are being used to launch attacks on vulnerable businesses.
For information on how to protect against the Zerologon flaw, consult this guide.