Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472

Cybersecurity and Infrastructure Security Agency sent this bulletin at 09/24/2020 03:12 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

09/24/2020 10:25 AM EDT

Original release date: September 24, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472 can prevent exploitation of this vulnerability.

CISA has released a patch validation script to detect unpatched Microsoft domain controllers. CISA urges administrators to patch all domain controllers immediately—until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:

CISA Patch Validation Script
CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
CERT/CC Vulnerability Note VU#490028
Microsoft Security Vulnerability Information for CVE-2020-1472
Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

This product is provided subject to this Notification and this Privacy & Use policy.

Having trouble viewing this message? View it as a webpage.

You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions | Privacy Policy | Help

Connect with CISA:
Facebook | Twitter | Instagram | LinkedIn | YouTube