Patch this critical server vulnerability now, Microsoft warns

Microsoft has reiterated an earlier warning to patch against a vulnerability affecting Windows Server, after attacks exploiting the bug were identified in the wild.

Known as Zerologon, the vulnerability affects systems running Windows Server 2008 R2 and later, including recent services using versions of Server based on Windows 10.

If exploited, the flaw could allow an attacker to gain full access to a network, escalate their administrative privileges and seize control of the domain.

As a result, Zerologon has been handed a maximum severity rating of 10/10 by the Common Vulnerability Scoring System (CVSS).

Microsoft remedied the vulnerability with a patch on August 11, but remains concerned that a significant proportion of affected organizations are still at risk.

Windows Server vulnerability

Microsoft’s intervention follows an emergency directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which urged government agencies to update their systems to safeguard against the flaw.

The organization claimed to be reacting to “a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency.”

The vulnerability was further described as posing an “unacceptable risk” that therefore demands an “immediate and emergency reaction”.

Now, in a series of tweets, Microsoft has reiterated CISA's message: businesses should install the patch as soon as possible.

“Microsoft is actively tracking threat actor activity using exploits for the [Zerologon vulnerability]. We have observed attacks where public exploits have been incorporated into attacker playbooks,” explained the firm.

“We’ll continue to monitor developments and update the threat analytics report with the latest info. We strongly recommend customers to immediately apply security updates,” it added.

The company also shared three exploit samples that it believes are being used to launch attacks on vulnerable businesses.

For information on how to protect against the Zerologon flaw, consult this guide.