From Holland comes worrying news: there is a severe security bug in Windows 10, Microsoft solved it but if the computers are not updated the danger remains. This flaw is called CVE-2020-1472 and concerns the encryption protocol applied to Netlogon, the Windows service used to access networks.
The experts of the cybersecurity company It cures they dedicated an entire paper to this problem, renamed “Zerologon“, and this shows how high the risk is for users if they do not update the operating system. Secura has also internally developed a tool to test PC security: after running it we will be able to know if our computer is vulnerable to CVE-2020-1472 or not. A possible hacker attack exploiting this vulnerability could lead the attacker, in five not very complicated steps to perform, to complete control of the server of a network. Which would mean being able to then attack easily all PCs connected to it. All this, among other things, by sending a simple message and getting the result in just three seconds.
How the Netlogon bug works
To launch a hacker attack by exploiting the CVE-2020-1472 vulnerability, it is sufficient to "make fun" of the algorithm of cryptography of the Netlogon service trying to authenticate by entering a string completely made up of zero numbers as the value of a specific parameter.
With just five sequential passes the attacker can do so disable password server of an Active Directory domain and become the master of the attacked network. At this point the hacker can do everything within the network, including sending malware to all connected PCs in order to take control of these machines as well.
Microsoft solved the problem
La severity of this vulnerability is extreme: Microsoft itself has assigned it a score of 10/10 and according to Secura it is one of the most serious and dangerous bugs in the history of Windows. Thankfully, though, Microsoft has already fixed it.
La patch that closes the flaw CVE-2020-1472 was in fact included in the August Windows 10 security update, so it has been available for over a month. However, very little publicity has been made about this bug and the associated risks and hardly any users are aware of the danger.
get safeTherefore, it is highly recommended to update Windows 10 with all the latest security patches (i.e. those of August and September 2020). To do this, simply enter Windows Update and look for the latest updates: the critical security ones are usually downloaded and installed independently by the operating system, but if this is not the case, you have to do it manually as soon as possible.
Windows 10 has a major bug - the latest update fixes everything