Security Week 40: Windows Zerologon Vulnerability Patch
With network access to a domain controller on the corporate network, an attacker can change the password on the server and gain complete control over the corporate infrastructure. A multi-stage attack through less critical Windows servers is also possible with the same end result. The unofficial name, Zerologon, comes from the specifics of the attack: it begins with attempts to establish a connection using a sequence of data consisting entirely of zeros. An incorrect implementation of the AES encryption algorithm makes it possible to log in to the server within at most 256 attempts, which in practice takes a couple of seconds.
Last week the vulnerability was also tackled outside of Microsoft: an unofficial patch was released for Windows Server 2008 R2. An official patch exists for this OS as well, but since January of this year it is delivered only to those who have purchased the extended support package for the old release.
The problem also had to be fixed in the Samba code. The vulnerability applies only to installations where the Samba server is used as a domain controller. Since that configuration requires following the Netlogon protocol specification, and the error is in the specification itself rather than being an accidental software bug, Samba was among the victims as well.
Sources:
- Microsoft Vulnerability Overview Bulletin
- Instructions for system administrators
- Detailed vulnerability study by Secura
- Windows Server 2008 R2 Unofficial Patch Article
- Samba Developer Bulletin
- News on Habré
The seriousness of the problem is underscored by a directive from the American cybersecurity agency requiring federal agencies to roll out the patch in their infrastructure urgently. As the description provided by the vulnerability's discoverers at Secura explains, the source of the problem is an incorrect implementation of the AES encryption algorithm in the non-standard CFB8 mode…
Authentication of two systems via the Netlogon protocol involves the exchange of two arbitrary 8-byte numbers, the so-called session keys. The AES-CFB8 encryption process uses these random keys together with an initialization vector (IV), another 16-byte sequence that should be unique. More precisely, it ought to be unique: the Netlogon spec states that the IV always consists of zeros.
Researcher Tom Tervoort discovered the following: if the algorithm is given a session key of eight zeros and 256 login attempts are made, in one of them the combination of a zero key and a zero initialization vector yields an all-zero ClientCredential. Knowing this, an attacker can log in to the server as any computer in the domain. At this stage the attacker still cannot exchange encrypted data, but that is not necessary: the server will readily establish a session without encryption, apparently to support old operating systems. As a result, it becomes possible to log in as an administrator of the attacked server and change the password in Active Directory.
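To see why the fixed all-zero IV, and not the key length, is what makes the 1-in-256 outcome possible, here is an added example (written for this page; not code from Secura, Microsoft or Samba) that implements textbook CFB8 mode over a block cipher and compares a zero IV with a non-zero one. Real AES is used when the `cryptography` package is available; otherwise a keyed SHA-256 stand-in (a hypothetical block function, labelled as such in the code) is substituted, since the property shown depends only on the mode. The searched keys are counter values, constructed for the demonstration.

```python
"""Added example: why a fixed zero IV collapses AES-CFB8 to a 2^-8 event.

CFB8 encrypts one byte at a time: the 16-byte shift register is run through
the block cipher, the first output byte is XORed with the plaintext byte, and
the resulting ciphertext byte is shifted into the register. With an all-zero
IV and all-zero plaintext, if the first byte of E_k(0^16) is zero then the
register never changes, so every following byte is zero as well. About one
key in 256 behaves this way. With a non-zero IV the register is different at
every step, and an all-zero 8-byte output needs eight independent lucky bytes.
"""
import hashlib

try:
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def encrypt_block(key: bytes, block: bytes) -> bytes:
        """One raw AES-128 block encryption (ECB on exactly 16 bytes)."""
        enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return enc.update(block) + enc.finalize()

    BLOCK_CIPHER = "AES-128"
except ImportError:
    def encrypt_block(key: bytes, block: bytes) -> bytes:
        """Stand-in keyed pseudo-random function (hypothetical, NOT AES)."""
        return hashlib.sha256(key + block).digest()[:16]

    BLOCK_CIPHER = "sha256-stand-in"


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CFB8 mode over encrypt_block (16-byte key, 16-byte IV)."""
    assert len(iv) == 16 and len(key) == 16
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = encrypt_block(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        # Shift the register left by one byte and append the ciphertext byte.
        register = register[1:] + bytes([c])
    return bytes(out)


def first_weak_key(limit: int = 4096) -> bytes:
    """Deterministically search counter keys for one with E_k(0^16)[0] == 0."""
    for i in range(limit):
        key = i.to_bytes(16, "big")
        if encrypt_block(key, bytes(16))[0] == 0:
            return key
    raise RuntimeError("no key with a zero first keystream byte in range")


def zero_iv_collapses(key: bytes) -> bool:
    """True iff zero IV + zero plaintext gives an all-zero 8-byte output."""
    return cfb8_encrypt(key, bytes(16), bytes(8)) == bytes(8)


def fraction_all_zero(iv: bytes, n_keys: int = 2048) -> float:
    """Share of counter keys whose CFB8 encryption of 8 zero bytes is all zero."""
    hits = sum(cfb8_encrypt(i.to_bytes(16, "big"), iv, bytes(8)) == bytes(8)
               for i in range(n_keys))
    return hits / n_keys


if __name__ == "__main__":
    k = first_weak_key()
    print(BLOCK_CIPHER, "key with zero first keystream byte:", k.hex())
    print("zero IV     ->", cfb8_encrypt(k, bytes(16), bytes(8)).hex())
    print("non-zero IV ->", cfb8_encrypt(k, bytes(range(16)), bytes(8)).hex())
    print("all-zero share, zero IV:    ", fraction_all_zero(bytes(16)))
    print("all-zero share, non-zero IV:", fraction_all_zero(bytes(range(16))))
```

Running the script shows the zero-IV share landing near 1/256 while the non-zero-IV share stays at zero, which is exactly the margin that the spec's fixed IV throws away; the mitigation on the protocol side is to stop accepting the weak exchange, not to change the cipher.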
In practice the attack requires additional steps, but with network access to the domain controller (for example, from the local network) they are quite simple. An exploit for the vulnerability was published two weeks ago, and there are already reports of actual attacks on Windows servers.
Judging by Microsoft's instructions for administrators, the vulnerability will be closed in two stages. In the first, starting from August 11 (assuming the patch is installed, of course), old systems that can only connect to the domain using the vulnerable protocol are still allowed to do so. This already breaks the well-known attack method, but other, more sophisticated methods may exist. In the second phase, starting February 9, 2021, supported servers will by default drop connections that do not encrypt data. In other words, for some organizations this adds the headache of identifying and updating legacy systems. In any case the vulnerability must be closed; the cost of a compromise is too high.
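The legacy-system inventory that the second phase forces on administrators can be started from the domain controller's own logs. Below is an added example (written for this page, not part of Microsoft's guidance or the original post) that triages an exported Netlogon event list and groups the machine accounts by outcome. It assumes the Netlogon event IDs introduced with the August update, as documented in Microsoft's administrator guidance: 5827/5828 for denied vulnerable connections, 5829 for vulnerable connections still allowed during the first phase, and 5830/5831 for connections allowed by an explicit policy exception; verify these against the current guidance before relying on them. The export format (`timestamp|event id|source|message`) and the event lines themselves are constructed for the demonstration and only approximate the real message text.

```python
"""Added example: find machine accounts still using the vulnerable Netlogon
secure channel from a constructed event export."""
import re
from collections import defaultdict

# Constructed sample export: timestamp|event id|source|message.
# Message wording approximates the real events; it is not a verbatim capture.
SAMPLE_EVENTS = """\
2020-09-30T08:01:12|5829|NETLOGON|Netlogon allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: LEGACYPRINT$ Domain: CORP Account Type: Computer
2020-09-30T08:02:40|5829|NETLOGON|Netlogon allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: OLDSCAN01$ Domain: CORP Account Type: Computer
2020-09-30T08:03:05|5829|NETLOGON|Netlogon allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: LEGACYPRINT$ Domain: CORP Account Type: Computer
2020-09-30T08:05:17|5830|NETLOGON|Netlogon allowed a vulnerable Netlogon secure channel connection because the machine account is allowed in the policy. Machine SamAccountName: NAS-APPLIANCE$ Domain: CORP Account Type: Computer
2020-09-30T08:06:59|5827|NETLOGON|Netlogon denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: UNKNOWNBOX$ Domain: CORP Account Type: Computer
2020-09-30T08:07:30|5723|NETLOGON|The session setup from the computer WS-0421 failed to authenticate. (other Netlogon event, not relevant here)
"""

EVENT_LINE = re.compile(r"^(?P<ts>\S+)\|(?P<id>\d+)\|(?P<src>[^|]+)\|(?P<msg>.*)$")
ACCOUNT = re.compile(r"SamAccountName:\s*(\S+)")

# Event IDs assumed from Microsoft's administrator guidance for the update.
VULNERABLE_ALLOWED = {5829}        # still allowed in phase one: must be fixed
POLICY_EXCEPTION = {5830, 5831}    # allowed only by explicit group policy
DENIED = {5827, 5828}              # already refused by the patched DC


def parse_events(text: str):
    """Yield one dict per well-formed export line; skip anything else."""
    for line in text.splitlines():
        m = EVENT_LINE.match(line)
        if not m:
            continue
        yield {"ts": m["ts"], "id": int(m["id"]), "src": m["src"], "msg": m["msg"]}


def triage_netlogon(text: str) -> dict:
    """Group machine accounts by outcome, counting events per account."""
    buckets = {
        "needs_update": defaultdict(int),
        "policy_exception": defaultdict(int),
        "denied": defaultdict(int),
    }
    for ev in parse_events(text):
        if ev["src"].strip().upper() != "NETLOGON":
            continue
        acct = ACCOUNT.search(ev["msg"])
        name = acct.group(1) if acct else "<unknown>"
        if ev["id"] in VULNERABLE_ALLOWED:
            buckets["needs_update"][name] += 1
        elif ev["id"] in POLICY_EXCEPTION:
            buckets["policy_exception"][name] += 1
        elif ev["id"] in DENIED:
            buckets["denied"][name] += 1
    return {k: dict(v) for k, v in buckets.items()}


if __name__ == "__main__":
    result = triage_netlogon(SAMPLE_EVENTS)
    for bucket, accounts in result.items():
        print(f"{bucket}:")
        for name, count in sorted(accounts.items()):
            print(f"  {name:<16} {count} event(s)")
```

The `needs_update` bucket is the list to work through before the enforcement date; `policy_exception` entries are deliberate risk acceptances that should be reviewed and expire, and `denied` entries are systems that are already broken and may show up as help-desk tickets.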
What else happened: