Tag

#netlogon

2 posts tagged #netlogon.

Analysis · Jun 2, 2026 · Colten Anderson

One CERT says it's exploited, Microsoft says it isn't, and you patch anyway

A pre-auth SYSTEM RCE on every domain controller doesn't need an exploitation rumor to earn the top of your patch queue. The interesting part is why the alarm and the data disagree, and why that disagreement shouldn't change your call.
Analysis · May 20, 2026 · Colten Anderson

Zerologon: a crypto mistake that hands over the domain in seconds

CVE-2020-1472 is a cryptographic flaw in the Netlogon protocol that lets an unauthenticated attacker with network access to a domain controller reset its machine-account password to empty, becoming domain admin. CVSS 10, no credentials, seconds to exploit.