Netlogon Elevation of Privilege Vulnerability

15 September 2020 - by Blue Team

A critical vulnerability(CVE-2020-1472), which has received the maximum severity rating of 10 by Microsoft, was found on Netlogon Remote Protocol (MS-NRPC) which can potentially allow priviledge escalation.
The vulnerability presents it self when attempting to authenticate to a Domain Controller (DC), allowing an attacker to give himself domain admin privileges by exploiting it.

Recommended Actions:

Applying the latest Patch from Microsoft’s Advisory will fix the vulnerability, by enforcing remote procedure call (RPC) in the Netlogon protocol for all Windows devices.

You can find more information available in Microsoft Security advisories, including mitigation actions.