ZEROLOGON CVE-2020-1472
9/20/2020
The vulnerability, dubbed “Zerologon,” is a critical-severity privilege-escalation vulnerability (CVE-2020-1472) assigned a CVSS score of 10 out of 10. The flaw was addressed in Microsoft’s August 2020 security updates.
OVERVIEW
- As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10-rated security vulnerability known as 'CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability', also known as Zerologon.
- To mitigate this flaw, it is highly recommended to install Microsoft’s August 2020 security patches on all Active Directory domain controllers.
- Unpatched domain controllers (DCs) allow attackers to compromise them and grant themselves domain admin privileges.
- The only thing an attacker needs is the ability to set up TCP connections with a vulnerable DC; i.e. they need a foothold on the network, but do not require any domain credentials to compromise the DC.
- The patch that addresses Zerologon also implements additional defense-in-depth measures that force domain-joined machines to use previously optional security features of the Netlogon protocol.
- As confirmed by Microsoft, an update in February 2021 will further tighten these restrictions, which may break some third-party devices or software.
- Installing the August 2020 patch on all domain controllers (including backup and read-only ones) is sufficient to block the high-impact exploits detailed herein.
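A defender-side check that follows from the bullets above, added here as an example and not taken from the advisory: it enumerates every domain controller (read-only ones included), reports whether an August 2020 update is present, and counts the NETLOGON events a patched DC writes for secure-channel connections that still rely on the optional features the patch now enforces. It assumes the ActiveDirectory RSAT module and rights to read each DC's System log; the KB list is a placeholder because the advisory names no KB numbers.

```powershell
# Added example, not part of the original advisory. Assumes the ActiveDirectory RSAT
# module on a domain-joined host and an account that can read each DC's System log.
Import-Module ActiveDirectory

# PLACEHOLDER: fill in the August 2020 cumulative update KB numbers for the OS builds
# your DCs run; the advisory does not list them. One match is enough for a given DC.
$AugustPatchKbs = @('KB0000000')

# Patched DCs log these NETLOGON events for secure-channel requests that do not use
# the now-required secure RPC. 5827/5828: denied. 5829: vulnerable connection still
# allowed (it will be blocked once the February 2021 enforcement phase is active).
# 5830/5831: allowed only because of an explicit group-policy exception.
$NetlogonIds = 5827, 5828, 5829, 5830, 5831
$Since = (Get-Date).AddDays(-7)

$report = foreach ($dc in (Get-ADDomainController -Filter *)) {
    $name = $dc.HostName

    # Get-HotFix returns nothing when none of the listed KBs is installed.
    $patched = [bool](Get-HotFix -ComputerName $name -Id $AugustPatchKbs -ErrorAction SilentlyContinue)

    # No matching events makes Get-WinEvent emit an error; SilentlyContinue turns that
    # into an empty result instead of aborting the loop.
    $events = Get-WinEvent -ComputerName $name -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = $NetlogonIds
        StartTime    = $Since
    }

    [pscustomobject]@{
        DomainController  = $name
        ReadOnly          = $dc.IsReadOnly
        AugustPatch       = $patched
        Denied            = @($events | Where-Object { $_.Id -in 5827, 5828 }).Count
        AllowedVulnerable = @($events | Where-Object { $_.Id -eq 5829 }).Count
        PolicyException   = @($events | Where-Object { $_.Id -in 5830, 5831 }).Count
    }
}

# Unpatched DCs never log these IDs, so an all-zero row is only meaningful when
# AugustPatch is True; a False row is the DC to patch first.
$report | Sort-Object AugustPatch, AllowedVulnerable -Descending | Format-Table -AutoSize
```

Rows with a non-zero AllowedVulnerable count identify the domain-joined devices or software that will stop authenticating when the February 2021 enforcement phase lands, so they can be fixed before then rather than discovered afterwards.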