CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency
Directive (ED) 20-04
addressing a critical vulnerability—
CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An
unauthenticated attacker with network access to a domain controller could
exploit this vulnerability to compromise all Active Directory identity

Earlier this month, exploit
code for this vulnerability was publicly released
. Given the nature of the
exploit and documented adversary behavior, CISA assumes active exploitation of
this vulnerability is occurring in the wild.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA
strongly recommends state and local governments, the private sector, and others
patch this critical vulnerability as soon as possible. Review the following
resources for more information: