The Zerologon Vulnerability and its Long-term Impact
What exactly does it mean when a vendor stops supporting software and declares it end of life? Effectively, the vendor is telling the world to stop using that software because if it breaks they won’t fix it. Most importantly, this applies to newly discovered security vulnerabilities. The risk created by vulnerabilities within an Operating System does not cease to exist the day the vendor stops supporting it. What does cease to exist is the ability to mitigate those risks through vendor-released patches.
Consider the Zerologon vulnerability recently discovered within Microsoft Windows Server. If exploited, this vulnerability would allow an attacker access to the highest-level privileges within an organization’s Windows infrastructure. From there, the damage an attacker can inflict is limited only by his or her imagination. The vulnerability is serious enough that the Department of Homeland Security released a directive to take immediate and emergency action to patch servers.
Fortunately, Microsoft released a patch in August to address this vulnerability within Windows 2012, 2016 and 2019. Unfortunately, the vulnerability also exists within Windows 2008, which reached end of life on 1/14/20. Microsoft is not releasing a Windows 2008 patch unless an organization purchases a yearly subscription for extended support. The bad news doesn’t stop there. The vulnerability is only truly addressed when all legacy authentication protocols within older Operating Systems are blocked. Microsoft has stated that it will end support for these older protocols on patched systems as of February 2021. This will effectively prevent any unpatched Operating System from interacting with patched systems. That leaves organizations with 3 options:
- Retire all systems running end of life Operating Systems and migrate to a modern OS or NextGen Platform
- Purchase extended support for all end of life Operating Systems
- Override the changes made by the patch and allow end of life Operating Systems to continue operating within the network
Contact Thrive so we can assist your organization with option 1 (…and please don’t choose option 3).