October 24, 2020

Homeland Security issues Zerologon security vulnerability warning


When Microsoft released a cumulative update in August 2020, it also disclosed a high-risk elevation of privilege (EoP) vulnerability, which was rated the maximum 10.0 in severity.

A score of 10 means the vulnerability is extremely serious, and the rating is justified: it takes an attacker only 3 seconds to take control of the affected AD domain.

This high-risk security vulnerability was discovered by Tom Tervoort, a researcher at the security company Secura. The vulnerability is located in the Windows Netlogon remote protocol.

An attacker can use a man-in-the-middle (MITM) attack to obtain AD domain administrator privileges, and then use those privileges to directly control all computers in the AD domain.

This year the researcher discovered a more serious security vulnerability, again in the Netlogon protocol, that allows unauthorized users to control the entire domain. In fact, the attacker can completely control the login credentials and change the domain controller password.

For experienced attackers, it only takes 3 seconds to exploit this vulnerability, and then they can take over all computers in certain AD domains of enterprises or institutions.

This vulnerability was eventually named Zerologon (CVE-2020-1472), and Microsoft initially fixed the vulnerability in the August 2020 security update.

But the vulnerability is more complicated. Microsoft needs more time to fix it. The company said it will continue to roll out security updates next year to block the vulnerability and reduce its harm.


The Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security recently issued a security warning, requiring US federal government agencies to immediately install updates for servers, etc.

Under normal circumstances, the U.S. Department of Homeland Security does not issue warnings for vulnerabilities unless the vulnerability is extremely harmful and a public warning is needed to remind organizations to install updates.

At the same time, the Cybersecurity and Infrastructure Security Agency also strongly recommends that private companies and the public install the update as soon as possible. If the update cannot be installed in time, the domain controller should be disabled.

What Is The Relationship Between Cybersecurity And Web Development?

The relationship between cybersecurity and web development is clear. Both are areas in which businesses are working hard so they can protect their websites and information from unauthorized access, whether that access is coming from a hacker or a competitor. 

A cybersecurity company will take charge of all the necessary steps that need to be taken to protect the website from hackers and other problems. This includes securing the networks, which include the main computer that hosts the website and all other servers connected to it. Another thing to look for is a security company that has the expertise to do all the upgrades that need to be done on the server that hosts the website. 

As far as web development goes, a cybersecurity company will not only handle the protection of the site itself, but they’ll also help develop the site in order to make it look professional. There are many companies that have different firewalls that’ll work with a website, and you should always be sure that you have a good firewall.

A web development company will also help get your website up and running. They’ll work with the site’s programmers, which will make sure that everything looks the way that you want it to. If you’re not happy with the look of the site, a professional company will help you fix it before it’s too late and a competitor can take advantage of your website.

Finally, a web development company will help create a user-friendly interface for the website. This is very important to the site’s user since it’ll make them feel more comfortable using the site. Take note that many people don’t understand HTML, hence the interface may not be very user-friendly to them.