New Mimikatz Update Adds Exploit for ZeroLogon (CVE-2020-1472) Shared on GitHub

Mimikatz, one of the leading post-exploitation tools that can dump passwords from memory, run pass-the-hash, pass-the-ticket, kerberoasting and more has had an exploit for ZeroLogon (CVE-2020-1472) added to it in its latest update. Mimikatz is an open source tool designed to target devices running Windows OS. Users have shared demos of the ZeroLogon exploit from Mimikatz displaying the direct RPC call and confirming the exploit works.

This update to Mimikatz is the first well known tool to adapt the vulnerability, and it is expected to be added to additional penetration testing tools and malware.

ZeroLogon is a 10 of 10 rated critical vulnerability and patches to mitigate the vulnerability have already been released by Microsoft in August. Microsoft’s security bulletin can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

Nuspire highly recommends administrators apply patches as soon as possible as it is expected that this vulnerability is already being exploited in the wild.