A researcher found a really nasty bug in Windows Server, calling it Zerologon. The Active Directory domain controller code screws up an important bit of AES, earning a perfect 10 on the CVSS scale.
Our Security Blogwatch editor curated some bloggy bits for your entertainment and also offers the moral of the story:
Run—do not walk—to your AD domain controllers (metaphorically speaking). And start planning for February’s second shoe droppage. Read full story here