{"id":8828,"date":"2020-09-21T13:11:25","date_gmt":"2020-09-21T10:11:25","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8828"},"modified":"2020-09-21T13:11:25","modified_gmt":"2020-09-21T10:11:25","slug":"cve-2020-1472-domain-controller-vulnerability","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1472-domain-controller-vulnerability\/8828\/","title":{"rendered":"Zerologon vulnerability threatens domain controllers"},"content":{"rendered":"<p>With its August patch release, Microsoft closed several vulnerabilities, including <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1472\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2020-1472<\/a>. The Netlogon protocol vulnerability was rated \u201ccritical\u201d in severity (its CVSS score was 10.0, the maximum). There was no doubt that the vulnerability could pose a threat, but the other day Secura researcher Tom Tervoort (who discovered the vulnerability) <a href=\"https:\/\/www.secura.com\/blog\/zero-logon\" target=\"_blank\" rel=\"noopener nofollow\">published a detailed report<\/a> explaining why the vulnerability known as Zerologon is so dangerous and how it can be used to take over a domain controller.<\/p>\n<h2>What you need to know about Zerologon<\/h2>\n<p>In essence, CVE-2020-1472 is the result of a flaw in the cryptographic authentication scheme of the Netlogon Remote Protocol. 
The protocol authenticates users and machines in domain-based networks and is also used to update computer passwords remotely. Through the vulnerability, an attacker can impersonate a client computer and change the password of the domain controller (the server that controls the entire network and runs Active Directory services), which lets the attacker gain domain administrator rights.<\/p>\n<h2>Who can be affected by this vulnerability?<\/h2>\n<p>CVE-2020-1472 poses a risk to companies whose networks are based on Windows domain controllers. In particular, cybercriminals can take over a domain controller running any version of Windows Server 2019 or Windows Server 2016, as well as Windows Server version 1909, Windows Server version 1903, Windows Server version 1809 (Datacenter and Standard editions), Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 Service Pack 1. To attack, cybercriminals first need to penetrate the corporate network, but that is not such a big problem: insider attacks and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/dark-vishnya-attack\/5483\/\" target=\"_blank\" rel=\"noopener\">entry through Ethernet outlets<\/a> in publicly accessible areas are hardly unheard of.<\/p>\n<p>Fortunately, Zerologon has not yet been used in a real-world attack (or at least none has been reported). 
That said, Tervoort\u2019s report caused a big stir and has probably attracted the attention of cybercriminals too, and although the researchers have not published a working proof of concept, there is no doubt that attackers can build one from the released patches.<\/p>\n<h2>How to protect against Zerologon attacks<\/h2>\n<p>In early August of this year, Microsoft <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1472\" target=\"_blank\" rel=\"noopener nofollow\">released various patches<\/a> to close the vulnerabilities on all affected systems, so if you have not updated yet, do so without delay. In addition, the company recommends monitoring all login attempts made through the vulnerable version of the protocol and identifying devices that do not support the new version. What needs to be done is to set the domain controller to a mode in which all devices use the secure version of Netlogon.<\/p>\n<p>The updates do not enforce this restriction, because the Netlogon Remote Protocol is not used only in Windows: many devices based on other operating systems also rely on it. 
If you make its use mandatory, devices that do not support the secure version will not work properly.<\/p>\n<p>Nevertheless, starting February 9, 2021, domain controllers will be required to use such a mode (that is, forcing all devices to use the updated, secure version of Netlogon), so administrators will need to resolve the third-party device compliance problem in advance (by updating the devices or by manually excluding them). For more information about what the August patch contains and what will change in February, along with detailed guidelines, see <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4557222\/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc\" target=\"_blank\" rel=\"noopener nofollow\">this Microsoft post<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>The CVE-2020-1472 vulnerability in the Netlogon protocol, also known as Zerologon, lets attackers take over 
domain controllers.<\/p>\n","protected":false},"author":2581,"featured_media":8829,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1737,790,38],"class_list":{"0":"post-8828","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-cve","10":"tag-guvenlik-aciklari","11":"tag-microsoft"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2020-1472-domain-controller-vulnerability\/8828\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2020-1472-domain-controller-vulnerability\/21903\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/17377\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/23294\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2020-1472-domain-controller-vulnerability\/21486\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/20106\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2020-1472-domain-controller-vulnerability\/23898\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cve-2020-1472-domain-controller-vulnerability\/22837\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2020-1472-domain-controller-vulnerability\/29085\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2020-1472-domain-controller-vulnerability\/37048\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2020-1472-domain-controller-vulnerability\/15680\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2020-1472-domain-controller-vulnerability\/16049\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cve-2
020-1472-domain-controller-vulnerability\/13982\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2020-1472-domain-controller-vulnerability\/25178\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/cve-2020-1472-domain-controller-vulnerability\/11985\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cve-2020-1472-domain-controller-vulnerability\/29235\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cve-2020-1472-domain-controller-vulnerability\/26096\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2020-1472-domain-controller-vulnerability\/22875\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2020-1472-domain-controller-vulnerability\/28197\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2020-1472-domain-controller-vulnerability\/28029\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8828"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8828\/revisions"}],"predecessor-version":[{"id":8830,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8828\/revisions\/8830"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8829"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media
?parent=8828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}