Covering the week's top tech stories with a slight Linux bias.

Hackers are using a severe Windows bug to compromise unpatched servers. One of the most critical Windows vulnerabilities disclosed this year is under active attack by hackers who are trying to backdoor servers that store credentials for every user and administrative account on a network. Researchers gave the vulnerability the name Zerologon because attacks work by sending a string of zeros in a series of messages that use the Netlogon protocol, which Windows servers rely on for a variety of tasks, including allowing end users to log in to a network. Zerologon, as the vulnerability has been dubbed, gained widespread attention last month when the firm that discovered it said it could give attackers instant access to Active Directories, which admins use to create, delete, and manage network accounts. Active Directories and the domain controllers they run on are among the most coveted prizes in hacking because, once hijacked, they allow attackers to execute code in unison on all connected machines. Microsoft patched the security flaw in August.

On Friday, Kevin Beaumont, working in his capacity as an independent researcher, said in a blog post that he had detected attacks on the honeypot he uses to keep abreast of attacks that hackers are using in the wild. When his lure server was unpatched, the attackers were able to use a PowerShell script to successfully change an admin password and backdoor the server. Beaumont said that the attack appeared to be entirely scripted, with all commands being completed within seconds. With that, the attackers installed a backdoor allowing remote administrative access to devices inside his mock network. The attackers also enabled Remote Desktop; as a result, they would continue to have remote access even if the admin later patches the server.

People with no authentication can use the exploit to gain domain administrative credentials as long as the attackers have the ability to establish TCP connections with a vulnerable domain controller. In some cases, attackers may use a separate vulnerability to gain a foothold inside a network and then exploit Zerologon to take over the domain controller.

I think a good example of a way for these types of scripts to get into networks is out-of-date computers on the network, and also the social engineering scams we hear a lot about. You probably receive these emails that try to trick you into following through with a process of entering a credential or something like that. The risk that we run, and the sad case that I see in IT, is that sometimes people think, well, I don't need to update that computer because it's in the back room, nobody really uses it. Or, oh well, we need this one to still have Windows XP because we have problems with one of our printers if we don't.

We're still seeing a lot of Windows 7 systems, and that is a tragedy. If you have a Windows 7 or Windows XP system on your network, just turn it off. Get rid of it.

Yeah, see, the thing is with those systems, Microsoft has what we call EOL, or end of life. They have ended the life of these operating systems, so they've said you've got to upgrade to Windows 10. Well, I don't want to upgrade to Windows 10. I like my Windows 7.
I understand that and I respect that. However, here's the problem: hackers now are able to exploit these operating systems, and as they do that, as they find exploits, there's a couple of things that happen. One, they either give away or sell those exploits, or two, they're just released to the public, whether it's through the dark web or even on GitHub. Yep. As security research. And so now these hackers, if you will, we're going to call them that, but realistically in a lot of cases they're what we call script kiddies, and these are not even like hackers. Yes. But they don't have to have a lot of knowledge because the exploit is publicly... That's right. ...known and understood. So if there are exploits that are available for an operating system, what do we expect to happen? We expect the operating system vendor, Microsoft in this case, to patch that exploit, to fix it, and that's the case with Windows 10. Sadly, though, for those that are EOL, it's not the case with an EOL operating system. Sometimes we hear, oh well, I don't need support. Well, Microsoft has ended support. That's what we've heard. Yeah, they've ended support for Windows 7.
They've ended support for Windows XP. Oh, but I've never had to call support, I can handle it. That's not what they're talking about at all. What they're saying is they will not fix the exploits. It doesn't matter how severe they are, it doesn't matter how easy they are to exploit. So if you have a Windows 7 machine on your network, well, you are giving entry to one of these hackers who don't even have to be very good at hacking, because the exploits are publicly known. Yep. Sometimes they're part of tools; sometimes they can just download a free tool and they can say, I want to, with one check, exploit Windows 7. And so they get into a Windows 7 box, or they've tricked one of your employees, even if they're just somebody in the back working in the warehouse; they've tricked somebody into opening a file that now gives them access to the Windows 7 machine, the Windows XP machine, or the machine in the back room, doesn't matter. And here we're learning that Microsoft servers now have an exploit where, as long as a malicious party can gain access to any computer on the network, they can now get domain administrator access to the entire network. Now that's scary. Now your Windows 10 machines are no longer safe. That's right, because you've given them entry to your network as if they're a domain administrator. Oh, see, that's just bad news right there. Well, it's bad news. Why is ransomware a thing? Because what do they do? They now, okay, I've gained access to this network, I'm going to sell on the dark web access to this network. You see this with townships and, yeah, with cities. Was it the original script kiddie who did it? No. They just want to get in, install their software and get out, and then sell access. That's right, because that's quick money. So why do people do it? For money, and that's how they do it. So, yeah, you've got to kind of keep things up to date. So just a quick thought to ponder: hey, if you've got any obsolete machines on your network, you've got to get them off, and get your staff trained on cyber security practices. Understand what phishing scams are, because, you know, oh well, somebody clicked on a link and now their computer's infected, but their computer is on your network. But I was going to get half of that prince's money! That's a whole other can of worms right there, Jeff.

But I mean, when it comes to these kinds of things, to look at your system and say, oh, I don't want to spend seven, eight hundred bucks for a new computer, I wouldn't worry about updating this one, you'll end up spending more in the long run, or in the short term. No, in the long run, if you don't have your system patched, because once they get access to everything you could be down and out. And I think when they have access to everything, I think it's just important to realize that that one entry point becomes access to everything. So spend a couple hundred bucks, get the new computer, save yourself, I don't know what it takes, I mean, it's different for every case, right? Yeah. I had one person today who called and said, I have a single Windows 7 computer, I don't want to upgrade it because it just works. Oh. So here's an explanation, and here Becca has shared with us a story that simply tells us that all they need is access to that one computer and now they've got access to all of your computers. And not in just like a Samba way, not in a way that's like friendly and hopefully they don't find any ways into the back doors on those computers. No, they have administrator credentials on your network, so they can do anything. That's right, anything they want. When I think about my house, I think I've got, you're done, I think I have seven devices, not including phones and tablets and stuff like that, that are connected to the network. I don't want them to have access to that. Yeah, I just can't stress enough, though, Jeff, I mean, I think in terms of businesses more so than the home user, but once they're in, they're in. You can't, that, you're done, because you can't now shut down that Windows 7 machine. No, they're already into everything. So what do you do? Replace everything, have every single computer wiped, because you don't know what tools they've installed. That's expensive. Yeah, so don't fall into that. Anyways, that's a bad exploit. That's really serious, folks. I hope we've stressed that enough that you understand this is a bad one, so make sure your network administrators are up and up and they understand these things and that you are protected and safe against these kinds of threats.

Thanks for watching the Category5 TV Newsroom. Don't forget to like and subscribe for all your tech news with a slight Linux bias, and if you appreciate what we do, become a patron at patreon.com/category5. From the Category5.TV Newsroom, I'm Becca Ferguson.