Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1472: (Zerologon) Netlogon Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2020-1472: (Zerologon) Netlogon Elevation of Privilege Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

08/11/2020

Created

08/12/2020

Added

08/11/2020

Modified

01/05/2024

Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Deploying updates released February 9, 2021 or later will turn on DC enforcement mode which will revise this vulnerability. DC enforcement mode is when all Netlogon connections are either required to use secure RPC or the account must have been added to the "Domain controller: Allow vulnerable Netlogon secure channel connections" group policy. At this time, the FullSecureChannelProtection registry key is no longer needed and will no longer be supported.

Solution(s)

msft-kb4565349-1e857e5a-9432-4eaa-8c29-a755cc55f91d
msft-kb4565351-4274f60c-bfeb-463c-9754-001689926626
msft-kb4565351-79b74e87-e7f9-446e-a595-b7e944725115
msft-kb4566782-912b8b41-c59a-4078-bfbf-fb69a4d8c0b3
msft-kb4571694-cf7a53b4-c18c-4c38-b4ef-711043f4d178
msft-kb4571702-6737e598-09c1-4e5f-8d0f-fdf867035c34
msft-kb4571719-a8e134c1-b2bf-4b38-9bdf-300153658fc6
msft-kb4571723-218e6900-fb95-4be6-be8d-a246fbf73ad7
msft-kb4601315-2e652760-fd8c-4b28-bd36-dd352402f173
msft-kb4601319-d7760b05-5068-445c-bad9-5a652a5607af
msft-kb4601319-e9dc52b3-aff6-4e3e-934a-a4d425b11fde
msft-kb4601349-ed05cd9f-2c0a-4c01-a63e-ebd2f2406024
msft-kb4601357-2d79a176-d1c6-490a-926f-9b978229a388

References

https://attackerkb.com/topics/cve-2020-1472
CVE - 2020-1472
4565349
4565351
4566782
4571694
4571702
4571703
4571719
4571723
4571729
4571736
4601315
4601318
4601319
4601345
4601347
4601348
4601349
4601357
4601363
4601384

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2020-1472: (Zerologon) Netlogon Elevation of Privilege Vulnerability

Microsoft CVE-2020-1472: (Zerologon) Netlogon Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.