Shulou(Shulou.com)05/31 Report--

This article will explain in detail how the Netlogon privilege upgrade vulnerability notice CVE-2020-1472 is. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have some understanding of the relevant knowledge after reading this article.

1. Summary of vulnerabilities

Microsoft issued a security bulletin on August 11, 2020, announcing information about the Netlogon privilege escalation vulnerability (CVE-2020-1472). We are convinced that the security research team assesses and notifies vulnerabilities based on their importance and impact.

Vulnerability name

Netlogon privilege escalation vulnerability (CVE-2020-1472)

Threat level

High risk

Scope of influence

Windows Server 2008 R2 Service Pack 1

Windows Server 2012, 2012 R2, 2016, 2019

Windows Server, version 1903, 1909, 2004

Vulnerability type

Promotion of privilege

Utilization difficulty

Difficulty

II. Vulnerability Analysis 2.1introduction of NetLogon

NetLogon remote protocol is a RPC interface used in Windows domain control, which is used for a variety of tasks related to user and machine authentication. It is most commonly used to allow users to log in to the server using the NTLM protocol, as well as for NTP response authentication and updating the computer domain password.

Microsoft MSRC issued a security announcement on Netlogon privilege escalation vulnerability on Aug. 11. The CVE number of this vulnerability is CVE-2020-1472 with a CVSS score of 10.0.

2.2 vulnerability description

A privilege escalation vulnerability exists when an attacker uses Netlogon remote Protocol (MS-NRPC) to establish a Netlogon secure channel to connect to a domain controller. When successfully exploited, an attacker can run a specially designed application on a device in the network without authentication to gain administrator privileges for the domain controller.

III. Scope of influence

[affected version]

Windows Server, version 2004 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Solution 4.1 repair plan

Update the Windows version and keep the Windows automatic update on, or you can upgrade manually by downloading the package in the link below

Https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1472

The mandatory mode of DC is enabled. For more information, please refer to the link below.

Https://support.microsoft.com/zh-cn/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

On the Netlogon privilege upgrade vulnerability notice CVE-2020-1472 is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.