2025-01-21 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains in detail the NetLogon privilege escalation vulnerability CVE-2020-1472 and is shared here as a reference.
0x01 Vulnerability overview
On August 12, 2020, 360CERT monitoring found that Windows had officially issued a risk notice for the NetLogon privilege escalation vulnerability. The vulnerability number is CVE-2020-1472, the vulnerability level is serious, and the vulnerability score is 10.
When an attacker establishes a vulnerable secure channel to a domain controller through NetLogon (MS-NRPC), they can exploit this vulnerability to gain domain administrator access. An attacker who successfully exploits this vulnerability can run a specially crafted application on a device in the network.
360CERT therefore recommends that users promptly install the latest relevant patches for each Windows Server operating system, and carry out asset self-inspection and prevention to avoid hacker attacks.
0x02 Risk rating
360CERT's assessment of the vulnerability is as follows:
Rating method: Level
Threat level: Serious
Impact: Extensive
360CERT score: 10
0x03 Vulnerability details
The NetLogon component is an important functional component of Windows. It authenticates users and machines on the domain network and replicates the database for domain controller backup. It is also used to maintain the relationships between domain members and the domain, between the domain and its domain controllers, and between a domain's DCs and cross-domain DCs.
A privilege escalation vulnerability exists when an attacker uses the Netlogon Remote Protocol (MS-NRPC) to establish a vulnerable Netlogon secure channel to a domain controller. An attacker who successfully exploits this vulnerability can run a specially crafted application on a device in the network.
0x04 Affected versions
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
0x05 Repair recommendations
General repair recommendations
360CERT recommends a one-click update by installing 360 Security Guard.
Microsoft Windows updates should be installed in a timely manner, and Windows automatic updates should be kept on.
The process for checking and turning on Windows automatic updates on Windows Server / Windows is as follows:
Click the Start menu and select Control Panel from the pop-up menu.
On the Control Panel page, click "System and Security" to enter the settings.
In the new window that opens, under Windows Update, select the option to enable or disable automatic updates.
In the settings window, expand the drop-down menu and select the option to install updates automatically (recommended).
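The same check can be done from the command line. The following is an added example, not part of the original advisory: a read-only PowerShell function that reports whether automatic installation of updates is actually in effect, including the case where Group Policy overrides what the Control Panel shows. It assumes Windows PowerShell 5.1 in an elevated session; the function name Get-AutoUpdateState is hypothetical.

```powershell
# Added example (assumes Windows PowerShell 5.1, elevated session). Read-only.
function Get-AutoUpdateState {
    # Group Policy values, if present, take precedence over the Control Panel choice.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # Windows Update Agent COM API: effective automatic-update settings.
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before installation'
        4 = 'Scheduled installation'   # the "install automatically (recommended)" choice
    }
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $level = [int]$au.Settings.NotificationLevel

    # No setting matters if the Windows Update service itself is disabled.
    $svc = Get-Service -Name wuauserv

    $policyPresent    = $null -ne $policy
    $disabledByPolicy = $policyPresent -and ($policy.NoAutoUpdate -eq 1)
    $serviceUsable    = $svc.StartType -ne 'Disabled'

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PolicyPresent      = $policyPresent
        PolicyNoAutoUpdate = if ($policyPresent) { $policy.NoAutoUpdate } else { $null }
        PolicyAUOptions    = if ($policyPresent) { $policy.AUOptions } else { $null }
        SettingsReadOnly   = [bool]$au.Settings.ReadOnly   # true when centrally managed
        NotificationLevel  = $levels[$level]
        ServiceStartType   = $svc.StartType
        # True only when updates are downloaded and installed without user action.
        AutoInstallActive  = (-not $disabledByPolicy) -and ($level -eq 4) -and $serviceUsable
    }
}

# Report the state of the local server.
Get-AutoUpdateState | Format-List
```

A host where AutoInstallActive is False will not pick up the CVE-2020-1472 patch on its own and needs the manual upgrade described next.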
Manual upgrade scenario:
Use the link below to find the vulnerability patch that matches your operating system version, then download and install it.
CVE-2020-1472 | NetLogon privilege escalation vulnerability
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1472
0x06 Product-side solutions
360 Security Guard
For this security update, Windows users can install the corresponding patch through 360 Security Guard, and users on other platforms can update vulnerable products according to the updated versions in the list of repair recommendations.
360CERT recommends that users run regular security checks on their equipment with 360 Security Guard as part of asset self-inspection and protection.
360 security analysis and response platform
The Security Brain security analysis and response platform detects and blocks network attacks in real time by means of network traffic detection and correlation analysis of fused multi-sensor data. Users can contact the relevant product area leaders or (shaoyulong#360.cn) to obtain the corresponding products.