The impact of the issue in this announcement is high to critical. Please act as stated below to rectify it.
What you need to know:
Although Microsoft provided patches for CVE-2020-1472 last month, exploit code for this elevation of privilege vulnerability in Microsoft's Netlogon is now publicly available. The flaw has been dubbed Zerologon, and at least four proof-of-concept exploits for it were released on GitHub this week.
Administrators and users are therefore encouraged to revisit Microsoft's August security advisory on the Netlogon vulnerability here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
Actions to be taken:
After installing the security updates released on 11 August 2020, administrators and users can deploy Domain Controller (DC) enforcement mode now while waiting for the Q1 2021 update.
What is the impact of not doing the actions?
The elevation of privilege vulnerability arises when an attacker establishes a vulnerable Netlogon secure channel connection to a DC using Microsoft's Netlogon Remote Protocol (MS-NRPC). After successful exploitation, an attacker could gain administrator access and run specially crafted apps on a device in the network.