Skip to Main Content

CVE-2020-1472- 'Netlogon Elevation of Privilege Vulnerability'

Netlogon Remote Protocol (MS-NRPC) provides authentication for user and computer accounts in Windows active directory domain. A vulnerability in Netlogon Remote Protocol enables an unauthenticated attacker to impersonate a domain-joined computer and obtain domain administrator privileges.

The impact of this vulnerability is high.

Remediation: Apply the patch released by Microsoft as referenced in the links below in the Microsoft Portal and review the Microsoft instructions to assess the impact to your environment and how to approach a secure state. Those who decide to fully enforce the secure mode now, must carefully consider the impact on their environment as this change can break some third party systems if not implemented correctly. See the release notes regarding the registry key that allows you to enable enforcement mode in advance of February 9, 2021 and how to manage the change in NetLogon Secure Connection.


Important Notes:

Related to third-party clients or servers, they must use secure RPC with the Netlogon secure channel. Please contact the device manufacturer (OEM) or software vendors to determine if their software is compatible with the latest Netlogon Remote Protocol. On Feb 9, 2021 the option to connect to the AD domains using the vulnerable Netlogon Remote Protocol will be deprecated.

For more detailed information about the patch implementation and its potential impact to your environment refer to the links below:

Microsoft Portal

Explanation of Enforcement Phases/Mode and Deployment Guidelines

How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472