Original release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency
Directive (ED) 20-04 addressing a critical vulnerability—
CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An
unauthenticated attacker with network access to a domain controller could
exploit this vulnerability to compromise all Active Directory identity
services.

Earlier this month, exploit code for this vulnerability was publicly released.
Given the nature of the
exploit and documented adversary behavior, CISA assumes active exploitation of
this vulnerability is occurring in the wild.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA
strongly recommends state and local governments, the private sector, and others
patch this critical vulnerability as soon as possible. Review the following
resources for more information:

- CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- CERT/CC Vulnerability Note [VU#490028]
- Microsoft Security Vulnerability Information for CVE-2020-1472
- Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472