Critical Windows “MS-NRPC” Exploit ZeroLogon (CVE-2020-1472)

Microsoft issued a security update guide on August 11, 2020 and a security patch for a critical vulnerability in Microsoft Netlogon Remote Protocol “MS-NRPC“ that allows attackers to gain domain administrator access to the Active Directory server and perform malicious activities.

The vulnerability was discovered by Secura’s security expert Tom Tervoort and it was given the highest rating score. (CVSS score: 10.0)

Exploits and proof of concept are currently available with reports that the vulnerability is being exploited in the wild.

Any attacker with any unauthenticated access to the domain controller can exploit this vulnerability and escalate his/her privilege to become a domain admin with just one click.

Install the Microsoft August Tuesday update which will fix this vulnerability in the server by enforcing RPC in the Netlogon protocol for all windows devices.

As Microsoft said: “A security update was released in August 2020. Customers who apply the update, or have automatic updates enabled, will be protected.”

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
• https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/
• https://www.secura.com/blog/zero-logon