Zerologon threatens networks of large organizations and enterprises in Viet Nam

Security: Critical

Zerologon is a critical privilege escalation vulnerability targeting Domain Controller (DC) servers, which are used in most network systems of large organizations and enterprises in Viet Nam. After a successful exploit, an attacker can take control of all accounts in the system, including administrator accounts.

According to Bkav researchers, most systems that deploy a DC are vulnerable to this flaw. With 50% of servers running the Windows Server operating system, the risk is huge for network systems not only in Viet Nam but all over the world. According to Bkav, one Vietnamese enterprise has already become a victim of Zerologon: hackers successfully penetrated its system and took full control of all of the company's user accounts.

Due to the flaw's critical severity, administrators are advised to urgently check their systems and apply the patches. Details, instructions, and a check-and-fix procedure are available at WhiteHat.vn/ZerologonScan. Systems with the eEye SOC security operations center installed are automatically protected against Zerologon attacks.
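One way to carry out the check recommended above on a Domain Controller, as an added PowerShell example that is not part of Bkav's advisory or the WhiteHat.vn tool: it reads the Netlogon enforcement-mode registry value and summarizes the Netlogon System-log events (IDs 5827 to 5831) that Microsoft's Zerologon guidance uses to flag insecure secure-channel connections. The 24-hour lookback window is an arbitrary assumption.

```powershell
# Added example (not Bkav's code). Run elevated on a Domain Controller.
# Registry value and event IDs follow Microsoft's Netlogon/Zerologon guidance;
# $LookbackHours is an assumed, arbitrary window.

$LookbackHours = 24

# 1) Enforcement mode: FullSecureChannelProtection = 1 makes the DC reject
#    vulnerable Netlogon secure-channel connections instead of only logging them.
$params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
                           -ErrorAction SilentlyContinue
if ($params.FullSecureChannelProtection -eq 1) {
    Write-Output 'Netlogon enforcement mode: ENABLED (vulnerable connections are rejected)'
} else {
    Write-Output 'Netlogon enforcement mode: NOT ENABLED - the DC may still accept vulnerable connections'
}

# 2) Detection: Netlogon writes these System-log events about insecure connections.
#    5829 is the one to act on: a vulnerable connection was ALLOWED.
$eventMeaning = @{
    5827 = 'Denied: machine account used a vulnerable Netlogon channel'
    5828 = 'Denied: trust account used a vulnerable Netlogon channel'
    5829 = 'ALLOWED vulnerable connection (exploitable until the client is fixed)'
    5830 = 'Allowed by policy exception: machine account'
    5831 = 'Allowed by policy exception: trust account'
}
$filter = @{
    LogName   = 'System'
    Id        = @($eventMeaning.Keys)
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Netlogon vulnerable-channel events in the last $LookbackHours hours."
} else {
    # Per-ID summary, then the most recent 5829 events so the affected hosts
    # can be patched or isolated (rather than simply added to the exception policy).
    $events | Group-Object Id | ForEach-Object {
        '{0,5}  {1,4}x  {2}' -f $_.Name, $_.Count, $eventMeaning[[int]$_.Name]
    }
    $events | Where-Object Id -eq 5829 | Select-Object TimeCreated, Message -First 10
}
```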

Bkav

You can learn more about the different severity levels:

Zero-day vulnerabilities are discovered in operating systems or in software that is popular worldwide.

New and dangerous viruses emerge with a high spreading rate worldwide (for instance: Code Red, Blaster, Conficker, etc.).

Malicious attacks are performed by Vietnamese or global hackers (for instance: DDoS attacks aimed at Korean and US government websites, etc.).

Critical vulnerabilities are still being exploited at large scale even though patches are already available.

Viruses or malicious attacks spread within a specific, large community or region (for instance: all over Vietnam, South East Asia, etc.).

Viruses emerge that exploit new technology. Because defense systems are not yet ready and antivirus software has not been updated with new definitions, both individuals and enterprises are affected (for instance: the Skype wiretapping Trojan, the virus that infects the Delphi Code Translator, etc.).

Vulnerabilities have already been patched and are being exploited only at small scale.

Cyber attacks and viruses spread at small scale.

There is no sign of cyber attacks or viruses spreading worldwide. Network systems are working fine.