Microsoft Warns of the First Attacks Using Zerologon

In recent days we have talked about a new vulnerability that affects Windows and is called Zerologon . A problem that joins the long list that can put our security and privacy at risk. Today we echo a news story in which Microsoft warns that hackers are using this vulnerability to attack.

Attacks on Windows Server due to the Zerologon vulnerability

As we know, this security flaw affects Windows Server users. The vulnerability was named Zerologon by the cybersecurity company Secura. In case of being exploited by an attacker, they could obtain administrator privileges over a domain and have full control.


During this morning Microsoft has launched a series of tweets in which they warn that this failure is being exploited. They indicate that attacks are being actively used and urge administrators to install patches immediately.

Fortunately, this vulnerability already has a correction. The problem, as it usually happens in these cases, is that many users still do not update the equipment and therefore are exposed to problems of this type.

Microsoft claims that it is actively tracking the activity of hackers using exploits for the CVE-2020-1472 Netlogon EoP vulnerability , called Zerologon. They indicate that they have observed attacks incorporating public exploits.

They show three examples that, according to the company, have been used to carry out attacks with the aim of exploiting the Zerologon vulnerability that allows, as we have seen, to obtain elevated privileges.

These samples are .NET executables that have the file name SharpZeroLogon.exe. However, at least for the moment, Microsoft does not share more details about these attacks.

Seguridad de los servidores

The solution to the problem, available

We have already mentioned that the solution to this problem is available. Users can update their computers and fix this vulnerability. To do this, Microsoft urges all Windows Server administrators to install the security update for CVE-2020-1472.

As we can see, there are many vulnerabilities that can arise in our computers. It does not matter the type of operating system we are using or the device. Faults may arise that in one way or another affect us.

It is therefore vital to always have the latest versions and patches . On the one hand we will be able to improve performance. We are going to get the latest enhancements, functions and features of a program or service. But we are also going to avoid those security problems that can be exploited by cybercriminals.

In short, from this article we recommend all Windows Server users to solve this problem. Only then, only by installing the latest patches, can they be completely safe and prevent them from exploiting this vulnerability called Zerologon that could expose computers. It must be remembered that this failure was classified as critical.