Whenever a company like Microsoft comes across vulnerabilities and bugs, it provides basic information to the customers, including the enterprise ones. We may think that enterprise customers would be the first to get rid of the flaw and protect their privacy, but that’s not always true.
Windows Zerologon patch enforcement
It’s the same thing that happened when the tech giant was trying to release a fix for the Zerologon flaw. Because many companies have not yet taken the recommended measures, Microsoft has decided to turn on ‘Enforcement Mode’ by default. This decision takes the choice away from Domain Controller administrators.
In an official statement, Microsoft said that it would turn on ‘Enforcement Mode’ by default on the Domain Controller system starting from 9 February. From this point onwards, enterprise companies will not have an option to disable the protection from the Zerologon flaw.
“We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices,” said Microsoft.
Most importantly, the enforcement mode blocks incoming connections from non-compliant devices. The mode also requires all devices to use the Netlogon secure channel, so that no unauthenticated connections get through. Microsoft has been using Secure RPC to authenticate both ends of a request.
Zerologon is probably one of the most severe flaws to be spotted in the Microsoft ecosystem. This flaw allowed threat actors to manipulate the authentication system and gain unauthorized access to the Domain Controller and the Active Directory identity services across an enterprise network.
First spotted in September 2020, this flaw saw a spike in the number of attacks, and it took Microsoft some time to launch a proper patch for the issue. The company now has to deal with customers who have not applied the patch on their networks.
Experts believe that this decision from Microsoft shows how critical the Zerologon flaw still is. Given the situation, many can only welcome the tech giant’s decision to make enforcement mode the default option.
Among other authorities, the US government had also asked organizations to update to the latest versions of Active Directory to stay safe from the Zerologon exploits.