Nonprofit Resources


What to Know and Do About the Critical Zerologon Vulnerability

When new patches are released for software and operating systems, organizations often give themselves a “grace period” to see how the patch works with their systems. IT staff fear releasing a patch that hinders or negatively impacts systems, functionality, and operations.

While this thought process can often be justified, your organization should not delay applying the patch to mitigate the Zerologon vulnerability (CVE-2020-1472). Zerologon has been present for over a month now; however, Microsoft just released the fix through its September 22, 2020 patch release.

And your IT team should not ignore it.

What is the risk?

The Zerologon vulnerability has been given the highest severity score, a 10 on the Common Vulnerability Scoring System. This is the highest rating given to the most critical vulnerabilities. If left unmitigated, this vulnerability could allow an attacker to gain unauthenticated access to your domain controller as an administrator with elevated privileges. And as an administrative user, the attacker could steal data, install malware or ransomware, and wreak havoc on your entire network.

What to do?

The Cybersecurity & Infrastructure Security Agency (CISA) is requiring immediate patching of federal devices with the Microsoft August 2020 Security Update. Likewise, your organization should consider the criticality of this patch and take the following steps:

  1. Identify every impacted domain controller on your network.
  2. Apply the patch to every affected device.
  3. If you’re unable to apply the patch, disconnect the device from the Internet and evaluate other factors to restrict access and prevent compromise.
  4. Escalate the issue to management with the status of remediation.

Certain devices running Samba software may also be affected. Samba has  released a patch to mitigate this critical vulnerability.

Unfortunately, short of removing the device from your network, the only fix currently available for this vulnerability is to apply the patch.

You can read more about the Zerologon vulnerability on the Cybersecurity & Infrastructure Security Agency (CISA) website, in CISA’s Emergency Directive, or on Microsoft’s security update page.

Please contact us at [email protected] with questions about this or other cybersecurity issues.

Allison Davis Ward

Allison Davis Ward is a Partner at CapinTech. Throughout her time as an information systems auditor and senior manager, Allison has provided information security assessment and consulting services primarily for nonprofit organizations, financial institutions, and health facilities. In addition to these services, she has provided clients with consulting services in risk assessment and policy development engagements.

Leave a Comment