September 30, 2020

CVE-2020-1472: NetLogon Privilege Escalation Vulnerability Alert

1 min read

On August 11, 2020, Windows officially released a risk notice for the NetLogon privilege escalation vulnerability, the vulnerability number is CVE-2020-1472, vulnerability level is serious, the vulnerability score is 10 points.

The NetLogon component is an important functional component of Windows. It is used to authenticate users and machines on the intra-domain network, and to replicate the database for domain control backup. It is also used to maintain domain members and domains, between domains and domain control, the relationship between domain DC and cross-domain DC.
KB4532441
When an attacker establishes a vulnerable secure channel with the domain controller through NetLogon (MS-NRPC), this vulnerability can be used to gain access to the domain controller. An attacker who successfully exploited this vulnerability could run specially designed applications on devices in the network.

Affected version

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 2004 (Server Core installation)

Solution

In this regard, we recommend that users install the latest relevant patches for each Windows Server operating system in time. At the same time.