Microsoft: Hackers using Zerologon exploits in attacks, patch now!

If you didn’t take notice of this one on Patch Tuesday, time to take it seriously now…:

[…] In a series of Tweets tonight, Microsoft is warning that Zerologon exploits are actively being used in attacks and that admins should install the necessary security updates immediately.

“Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.”

“Microsoft 365 customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The threat analytics report contains technical details, mitigations, and detection details designed to empower SecOps to detect and mitigate this threat.”

“We’ll continue to monitor developments and update the threat analytics report with latest info. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft 365 customers can use threat & vulnerability management data to see patching status,” Microsoft tweeted tonight.

[…]

Original article here