Microsoft Says Iranian Hackers Are Exploiting the Zerologon Vulnerability (zdnet.com) 29
Microsoft said on Monday that Iranian state-sponsored hackers are currently exploiting the Zerologon vulnerability in real-world hacking campaigns. From a report: Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. The Iranian attacks were detected by Microsoft's Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet. MSTIC linked the attacks to a group of Iranian hackers that the company tracks as MERCURY, but who are more widely known under their monicker of MuddyWater. The group is believed to be a contractor for the Iranian government working under orders from the Islamic Revolutionary Guard Corps, Iran's primary intelligence and military service.
Re: Persians are smart, but their empire fell... (Score:2)
As a literal actual half-Arian half-German ... who do you think you are, DegeneratedBoy? :D
You should look up actual Aryans and Aryana, the region. Hint: They are not white, nor Americans.
Now go wail the failing of your life that made you pick people that you know the least as a convenient scapegoat to blame all your problems on. ... instead of fixing your life, like a man.
Why wouldn't they? (Score:5, Insightful)
Yep, duh. If I am, they are (Score:2)
I was just sitting down to try to exploit it myself.
If *I* am using it, of course they are!
> Plus, the rollout of a partial patch is slow, as with any updates while a full patch won't be available until the next year
It's my understanding that the patch coming in a few months will FORCE the use of the more secure protocol, which is enabled by the existing patch. After checking your logs for non-compliant clients, you can and should set this as required now, via registry or GPO.
I'll probably understand
SAMBA (Score:3)
What about the Samba AD domains? Is samba different enough that the exploit does not work?
The flaw is in the protocol, not its implementation, so SAMBA is also vulnerable. However, SAMBA changed the default value of server schannel to "yes" in version 4.8, which was released in March of 2018, so if you are running the latest version of SAMBA, unless you are setting server schannel to "auto" or "no" you are safe. If you are using an earlier version of SAMBA, you can make yourself safe by setting server schannel to "yes".
Details are in SAMBA's security announcement at https://www.samba.org/samba [samba.org]
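The rule in the comment above, as an added example (not from the thread or from the Samba project): a small checker that reads an smb.conf and reports whether `server schannel` is effectively required for a given Samba version. The function names and the sample configurations are constructed for illustration; `include` directives are not followed and only the `[global]` section is read.

```python
import re

TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Collect parameters from the [global] section; a later duplicate wins."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = norm(header.group(1))
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)      # only the first '=' counts
            params[norm(key)] = value.strip()
    return params

def schannel_status(conf_text, version):
    """Apply the comment's rule. `version` is a (major, minor) tuple."""
    value = global_params(conf_text).get("serverschannel")
    if value is None:
        if version >= (4, 8):
            return ("ok", "default 'yes' (Samba 4.8 or later)")
        return ("at-risk", "no explicit setting on a pre-4.8 release")
    if value.lower() in TRUE_WORDS:
        return ("ok", "explicitly required")
    if value.lower() in FALSE_WORDS or value.lower() == "auto":
        return ("at-risk", f"explicitly set to {value!r}")
    return ("unknown", f"unrecognised value {value!r}")

# Constructed sample configurations: the weak setting beside the corrected one.
WEAK = "[global]\n  workgroup = EXAMPLE\n  server schannel = auto\n"
FIXED = "[global]\n  workgroup = EXAMPLE\n  server schannel = yes\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED)):
        print(label, schannel_status(conf, (4, 12)))
```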
Re: insensitive to people who caucus with democrat (Score:2)
Countries fully committed to wiping the US and UK off the map? So the US and UK then? At least their leadership. :D
Hint: Iranian people just as much think their leadership is bullshit as you think yours is.
THEY are on the Iranian streets, daily, to protest against the regime, even though they might be tortured and murdered for it.
And what did you do? Not just against their dictators, but against yours too. Change your Facebook picture? In FAVOR of that dictator?
Go meet some actual Iranians in Iran online now.
Re: (Score:1)
And no, he isn't trying to wipe Iran off the map.
I've met several Iranians esp when I worked at Boeing, and they're glad to be out of that place.
Iran is a state sponsor of terror, dude.
And, no, killing people like Osama Bin Laden is not the same thing as terrorism.
Wonder why other nation states ... (Score:2)
... are taking a pass?
Re: (Score:2)
The Iranians have the best people I guess.
Re: (Score:2)
Some are murderers and rapists, I assume, but yes, they have the best people.
Re: (Score:2)
And lots and lots of believers. Oh wait, I read that in the article, they believe, what the fuck does that even mean. From my perspective, I know what belief is. It is a genetic thought structure, locked in place by emotional states, states created by brain chemicals and associated stress and mental activity. This most often driven by social contact, using peer pressure and its implied social threats to lock in a belief and often associated with the use of stimulants, alcohol, caffeine and more active subs
Re: Wonder why other nation states ... (Score:2)
In fact, you check if somebody is doing it, by doing it yourself. :)
So insecure crap by MS (Score:2)
That any piece of "enterprise" software has vulnerabilities this bad is an utter disgrace. Not only for the vendor, but also for the people that bought this crap.
Well what are you expecting? (Score:3)
Do you live in that magical oblivious world where any spy agency in the world would NOT exploit all the vulnerabilities they can afford to?
If you object to them being run by religious nutjobs ... Well, I fully agree, but I would not limit that to Iranians, but to Saudis, Pakistanis, various non-state ones, Vaticans, Israelis, and a certain nation with a nutjob leader, that partially "teaches" creationism too. :) ... well, look up who made that happen in the cold war. :)
If you object to them being such a large military force for their size,
So can we agree on: Let's put your nutjobs and our nutjobs and Irani nutjobs on a small, ugly island, and give them a few food caches and some very ugly melee weapons. Then wait. ;)
Cause most Iranis and Americans are nice people. Let's not forget that.
Oh gee isn't this fake news/racist lies??? (Score:1)
Re: (Score:2)
You're not anywhere near as clever or smart as you think you are.
Blame the admins who... (Score:1)
Enough of this cyber BS (Score:1)