Daily Archives: September 15, 2020
-
Yes, you do need to patch sooner or later
You know how I say that there’s no reason to patch as soon as the patches come out — but you need to patch sooner or later?
Those of you running Windows Server as a domain controller just showed the rest of us how important that “sooner or later” can be.
Microsoft patched CVE-2020-1472 last month. The security hole was (and still is) described as “2 – Exploitation Less Likely,” thus not of immediate concern. It wasn’t publicly disclosed or exploited at the time (it wasn’t a zero-day). If you followed along with the MS-DEFCON system (which, admittedly, isn’t designed for admins with Windows Server domain controllers) you would’ve installed the patch late last month or early this month.
Good for you.
Yesterday, the Dutch security company Secura B.V. released a full report of the security hole – and it’s a doozy. Catalin Cimpanu at ZDNet has a thorough description:
According to Secura experts, the bug, which they named Zerologon, takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process.
This bug allows an attacker to manipulate Netlogon authentication procedures and:
- impersonate the identity of any computer on a network when trying to authenticate against the domain controller
- disable security features in the Netlogon authentication process
- change a computer’s password on the domain controller’s Active Directory (a database of all computers joined to a domain, and their passwords)
There are limitations to how a Zerologon attack can be used. For starters, it cannot be used to take over Windows Servers from outside the network. An attacker first needs a foothold inside a network.
However, when this condition is met, it’s literally game over for the attacked company.
It’s a bad one. But you got your Server patched a couple of weeks ago, yes?
It’s rare to have a security hole erupt this quickly – although it does happen. We still haven’t seen widespread attacks. But it’s only a matter of time.
-
Microsoft is pushing the Chromium-based version of Edge
This really shouldn’t come as a surprise to anybody.
Lawrence Abrams at BleepingComputer talks about KB 4576754, the “Update for the new Microsoft Edge for Windows 10, version 1809, 1903, 1909, and 2004: August 31, 2020.” Abrams credits Venkat on Techdows. Venkat says that the patch appears as “2020-08 Microsoft Edge Update for Windows 10 version 2004 (KB4576754)” in the Update history list.
As @abbodi86 notes:
It’s a normal update, can be hidden or postponed with group policy or a metered connection. And it was announced two months ago:
As I’ve said before, go ahead and install Chredge. Use Brave or Firefox (or Chrome)… and give Chredge a try when you have some time. It’s OK, but it won’t supplant any of the others for me anytime soon.