Vulnerability: Netlogon Elevation of Privilege
In August, Microsoft released a software update to mitigate a critical vulnerability known as Zerologon (CVE-2020-1472) in Windows Server operating systems. This vulnerability was given the highest Common Vulnerability Scoring System (CVSS) score of 10.0 and given a “critical” security rating from Microsoft.
The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) is a core authentication component of Active Directory (AD) that provides authentication for user and computer accounts. The vulnerability in MS-NRPC could allow an unauthenticated attacker with network access to a domain controller to completely compromise all AD identity services. The vulnerability is triggered by sending a string of zeros to the Netlogon protocol, hence its name, “Zerologon.” The flaw allows anyone on a network utilizing the Netlogon protocol to elevate their privileges to that of the domain administrator.
The compromise of AD infrastructure represents a significant & costly impact; An unauthenticated attacker with network access to a domain controller can impersonate any domain-joined computer, including a domain controller. Among other actions, the attacker can set an empty password for the domain controller's AD computer account & cause a denial of service, potentially allowing the attacker to gain domain administrator privileges. Additionally, an attacker who successfully exploited the vulnerability could run a specially crafted malicious application on a device on the network.
What does this mean for you? If you are a Spectra Networks Managed Services client we will be performing out of band emergency patching this evening and no action is required. If you are not currently a Spectra Networks client we recommend immediately installing any available Windows Updates and perform a system audit to ensure you are protected. If you need assistance please contact our sales team via phone (978) 219-9752 or email [email protected].
Microsoft: How to Manage Changes