jpcastr0 (9)

It’s a pretty nasty bug that there is now weaponized POC code, and Is now available in #mimikatz. So we are expecting some impressive attacks very soon. 😎

For this particular vulnerability there are three big things I want to emphasize:

1️⃣ The vuln requires that an attacker already has access to a network. However, once in, this is an attack that can be done very quickly.

2️⃣ MS is holding fast on only patching Window Server 2008 R2 and up. It is not 100% confirmed, but there is a good chance that earlier EOL versions of servers could be affected, that could represent a higher risk to legacy systems and applications

3️⃣ What’s worse is that there is not a full fix available. The patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug.