WHAT HAPPENED?

Microsoft has issued and Important/High security update to address a vulnerability within the Netlogon component in Microsoft Windows Server 2019.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. 

Advanced Users: For a complete description of the security vulnerabilities and affected software refer to:

• CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

AFFECTED SYSTEMS:

• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019
• Windows Server Version 1903
• Windows Server Version 1909
• Windows Server Version 2004

WHAT'S THE PROBLEM?

Exploitation of this vulnerability could allow a remote attacker to gain access to administrators’ privileges.  Microsoft is addressing the vulnerability in a phased two-part rollout. Additional updates will become available in Q1 2021.

RELATED LINKS

• IT Security
• How to manage the changes in Netlogon secure channel connections associated with CVE-2020-147
• [Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)