Zerologon and the value of Virtual Patching
Protect Yourself Against Zerologon Attacks
What is Zerologon?
The recently disclosed CVE-2020-1472, commonly known as Zerologon, is a potentially catastrophic vulnerability. It allows attackers to exploit a flaw in the algorithm used by the Microsoft Windows Server Netlogon authentication process. Threat actors can impersonate the identity of any computer and launch a variety of attacks, disabling security features and changing passwords until they eventually take over the domain.
Am I at risk?
CVE-2020-1472 was published in early August. Since the average Mean Time to Patch (MTTP) is 60 to 150 days, that would put the average time for implementing this patch between October 2020 and January 2021. But as the saying goes in the security industry, “After Patch Tuesday comes Exploit Wednesday”. This means that after Microsoft releases its batch of patches for new CVEs on the first Tuesday of every month, attackers get to work. They reverse-engineer the patches to write exploits and take advantage of the bugs before the patches have been applied. Given the MTTP, that’s 2-5 months during which your organization is left exposed to a known threat.
What can I do to protect my organization?
Trend Micro has its customers covered with virtual patching. This provides an extra layer of security to protect against vulnerabilities before you apply the official vendor patch. As the name suggests, it works like a patch: it specifically protects your environment should someone attempt to exploit that vulnerability. It does not replace the vendor patch, but it closes the exposure window until that patch is applied.
Virtual patches can be a critical safety net that allows you to patch in the way that works for your organization. With Trend Micro, you are protected from Zerologon and thousands of other vulnerabilities with virtual patching as part of your patch management process, because Trend Micro’s protection extends beyond this one CVE.
Thanks to the ZDI (Zero Day Initiative), Trend Micro’s TippingPoint customers are protected 81 days before a patch is even released by the vendor. How is that possible? It is very simple: when a vulnerability is submitted to the ZDI, the Trend Micro team gets to work adding protection against that still-unpatched vulnerability.
Learn how Cloud One – Workload Security’s virtual patching (host-based IPS) with intelligent recommendation scans can block exploitation of the Zerologon vulnerability before vendor patches are applied.
https://youtu.be/BjfGgaein70