Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472

Original release date: September 24, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472 can prevent exploitation of this vulnerability.

CISA has released a patch validation script to detect unpatched Microsoft domain controllers. CISA urges administrators to patch all domain controllers immediately—until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:

CISA Patch Validation Script
CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
CERT/CC Vulnerability Note VU#490028
Microsoft Security Vulnerability Information for CVE-2020-1472
Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next Cisco Releases Security Updates for Multiple Products »

Previous « Google Releases Security Updates for Chrome

This website uses cookies.

Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472

Recent Posts

CISA Releases Nine Industrial Control Systems Advisories

CISA Releases Six Industrial Control Systems Advisories

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Joint Advisory Issued on Protecting Against Interlock Ransomware

CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog

Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)