1
October 2020

URGENT - Update Your Domain Controllers now! But which ones ...?

Mark Warren

Zerologon is looking very scary - it's been given a CVSS score of 10, the highest and most critical rating.

It affects Domain Controllers which could be considered the gatekeepers for all other aspects of an IT estate. If you can take control of a Domain Controller (DC), you can get access to just about every device or remove access for users to get their work done.

Microsoft first released a patch for the issue back on August 11th, but it's only a partial mitigation. A second phase of patches is not due until Feb 2021. In the meantime, they're desperately urging all Windows customers to update their systems.

But, for any reasonably sized organization, that's not a trivial task. You need to find all the systems that might be vulnerable and then ensure the patch is applied. As most admins like to minimize they amount of change they make, they will want to know what patches have been applied already and which are outstanding before making the change.

Luckily, Privileged Process Automation (PPA) comes to the rescue. As you'll see in the demo below, PPA is perfect for discovering the patch levels on your servers and identifying which need to be updated. You can even now get PPA Express to get started for free.

If you'd like to find out more about how it works and to protect admin access to your servers, get in touch.