UHS Healthcare Attack and Ryuk Ransomware As A Service

1 Like

When did Microsoft patch this? I did a quick Google search to see if this was a new or old issue, and what I’m finding is that this is a 2-year-old attack vector???

Why am I asking? Saw this video just before lunch, came back and logged into one of the DCs and hit the check for updates button. It came back with no updates needed. Did a couple of other things and came back to this video to watch again and pay attention this time. So now I’m looking to see if there is something else I need to look for. I’m patched up to the last “Patch Tuesday” on my servers, and clients update automatically, which should have been this morning for something (at least the client I’m on right now).

FYI, this was posted to these forums yesterday or the day before, and I think it linked to a Reddit post on the subject, but at that time there was no evidence of this being real (also mentioned in the post).

2 Likes

CVE-2020-1472 AKA Zerologon was from just a few weeks ago.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

And gaining access is trivial: https://www.secura.com/blog/zero-logon

1 Like

The blog links to a test script that should probably be used by most people, even the ones that took the August 2020 update that says it patched this issue.

I’ll have to get a machine with Python installed on the network and give this a try.

1 Like