
After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others.

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency.

That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users within a domain.

The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.”

Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others and prompt influential voices in the industry to sound the alarm. Corporate security teams can’t pay attention to every single software vulnerability, but they can’t afford to ignore flaws like this one.


Rob Joyce, a longtime National Security Agency official, called the Netlogon exploit “powerful,” summing up its ease of use as “no fuss, no muss.” The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned that “unpatched systems will be an attractive target for malicious actors.” And private-sector analysts said time was of the essence.

“It’s unlikely that it will take long for a fully weaponized exploit [or several] to hit the internet,” wrote Caitlin Condon, manager of software engineering at security firm Rapid7. The firm advised users to “patch on an emergency basis due to the severity of the vulnerability, the availability of an easily weaponizable PoC, and the ease of exploitation.”

The Netlogon flaw also shows how fixing critical bugs can be a tedious process. Microsoft only partially addressed the vulnerability in the patch it released in August. The second phase of the patch will come in the first quarter of 2021, when the software giant will release additional security mechanisms for domain controllers.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
