Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft IT Technology

Microsoft Says Iranian Hackers Are Exploiting the Zerologon Vulnerability (zdnet.com) 29

Microsoft said on Monday that Iranian state-sponsored hackers are currently exploiting the Zerologon vulnerability in real-world hacking campaigns. From a report: Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. The Iranian attacks were detected by Microsoft's Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet. MSTIC linked the attacks to a group of Iranian hackers that the company tracks as MERCURY, but who are more widely known under their monicker of MuddyWatter. The group is believed to be a contractor for the Iranian government working under orders from the Islamic Revolutionary Guard Corps, Iran's primary intelligence and military service.
This discussion has been archived. No new comments can be posted.

Microsoft Says Iranian Hackers Are Exploiting the Zerologon Vulnerability

Comments Filter:
  • Why wouldn't they? (Score:5, Insightful)

    by devslash0 ( 4203435 ) on Tuesday October 06, 2020 @11:24AM (#60577738)
    Zerologon has been the hot topic in the security world for the past couple weeks. Low complexity, full compromise, 10 out of 10 on the CVSS scale. Plus, the rollout of a partial patch is slow, as with any updates while a full patch won't be available until the next year. It was obvious that Zerologon would be weaponized very quickly.
    • I was just just sitting down to try to exploit it myself.
      If *I* am using it, of course they are!

      > Plus, the rollout of a partial patch is slow, as with any updates while a full patch won't be available until the next year

      It's my understanding that the patch coming in a few months will FORCE the use the more secure protocol, which is enabled by the existing patch. After checking your logs for non-compliant clients, you can and should set this as required now, via registry or GPO.

      I'll probably understand

    • The Iranians have the best people I guess.

      • Some are murderers and rapists, I assume, but yes, they have the best people.

        • by rtb61 ( 674572 )

          And lots and lots of believers. Oh wait, I read that in the article, they believe, what the fuck does that even mean. From my perspective, I know what belief is. It is a genetic thought structure, locked in place by emotional states, states created by brain chemicals and associated stress and mental activity. This most often driven by social contact, using peer pressure and it's implied social threats to lock in a belief and often associated with the use of stimulants, alcohol, caffeine and more active subs

  • That any piece of "enterprise" software has vulnerabilities this bad is an utter disgrace. Not only for the vendor, but also for the people that bought this crap.

  • by BAReFO0t ( 6240524 ) on Tuesday October 06, 2020 @12:18PM (#60577966)

    Do you live in that magical oblivious world where any spy agency in the world would NOT exploit all the vulnerabilities they can afford to?

    If you object to them being run by religious nutjobs ... Well, I fully agree, but I would not limit that to Iranians, but to Saudis, Pakistanis, various non-state ones, Vaticans, Israelis, and a certain nation with a nutjob leader, that partially "teaches" creationism too. :)
    If you object to them being such a large military force for their size, ... well, look up who made that happen in the cold war. :)

    So can we agree on: Let's put your nutjobs and our nutjobs and Irani nutjobs on a smal, ugly island, and give them a few food caches and some very ugly melee weaons. Then wait. ;)

    Cause most Iranis and Americans are nice people. Let's not forget that.

  • Oh come now, isn't someone going to claim this is all 'fake news' and 'racist' because they're saying Bad Things about Iran, just like they do China? Come on guys, they're only a couple countries away from China, and they're right next door to Afghanistan and Pakistan, you HAVE to defend them against us racist bigoted Americans who so falsely accuse them of being horrible people, amirite? Everyone knows that the Iranian government, just like the Chinese government, is run by perfectly wonderful people who w
  • ...think it's a good idea not to install Windows Updates.
  • Enough of this cyber BS from the Microsoft ZDnet !

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...