MSNRPC, CVE-2020-1472

Critical Windows “MS-NRPC” Exploit (CVE-2020-1472) ZeroLogon

About

On August 11, 2020, Microsoft issued a security update guide and a security patch for a critical vulnerability in the Microsoft Netlogon Remote Protocol (“MS-NRPC”) that allows attackers to gain domain administrator access to the Active Directory server and perform malicious activities.

The vulnerability was discovered by Secura’s security expert Tom Tervoort and was given the highest severity rating (CVSS score: 10.0).

Will Dormann confirms that the public exploit for Zerologon (CVE-2020-1472) works.

Exploits and proof-of-concept code are currently available, and there are reports that the vulnerability is being exploited in the wild.

What Does This Mean to our Partners?

Any attacker with unauthenticated access to the domain controller can exploit this vulnerability and escalate their privileges to become a domain admin with just one click.

Mitigation

Install Microsoft's August 2020 Patch Tuesday update, which fixes this vulnerability on the server by enforcing secure RPC in the Netlogon protocol for all Windows devices.

As Microsoft said: “A security update was released in August 2020. Customers who apply the update, or have automatic updates enabled, will be protected.”
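
A check to run on domain controllers once the update is installed, as an added example that is not part of the original advisory: it summarizes the Netlogon System-log events (IDs 5827 to 5831) that the update writes for vulnerable secure channel connections. The event IDs and their meanings come from Microsoft's guidance rather than this page; the function name, the sample records and the message pattern are assumptions made for illustration.

```powershell
# Added example. Event IDs/meanings follow Microsoft's Netlogon guidance for
# CVE-2020-1472; they are not taken from this page.
$NetlogonEventMeaning = @{
    5827 = 'DENIED vulnerable connection (machine account)'
    5828 = 'DENIED vulnerable connection (trust account)'
    5829 = 'ALLOWED vulnerable connection (not yet enforced)'
    5830 = 'ALLOWED by policy exception (machine account)'
    5831 = 'ALLOWED by policy exception (trust account)'
}

function Get-NetlogonSecureRpcSummary {   # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events)
    $Events |
        Where-Object { $NetlogonEventMeaning.ContainsKey([int]$_.Id) } |
        ForEach-Object {
            # Assumption: machine events carry "Machine SamAccountName: NAME".
            $account = if ($_.Message -match 'SamAccountName:\s*(\S+)') { $Matches[1] } else { '(unknown)' }
            [pscustomobject]@{ Id = [int]$_.Id; Account = $account; Time = $_.TimeCreated }
        } |
        Group-Object Id, Account |
        ForEach-Object {
            # Most recent record in each (Id, Account) group
            $latest = $_.Group | Sort-Object Time | Select-Object -Last 1
            [pscustomobject]@{
                Id       = $latest.Id
                Meaning  = $NetlogonEventMeaning[$latest.Id]
                Account  = $latest.Account
                Count    = $_.Count
                LastSeen = $latest.Time
            }
        } |
        Sort-Object Id, Account
}

# Constructed sample records, not real log data. On a domain controller use:
#   $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 } -ErrorAction SilentlyContinue)
$events = @(
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2020-09-15T08:01:00'; Message = 'Machine SamAccountName: LEGACY-NAS$' }
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2020-09-15T09:30:00'; Message = 'Machine SamAccountName: LEGACY-NAS$' }
    [pscustomobject]@{ Id = 5827; TimeCreated = [datetime]'2020-09-15T10:12:00'; Message = 'Machine SamAccountName: UNKNOWN-HOST$' }
    [pscustomobject]@{ Id = 7036; TimeCreated = [datetime]'2020-09-15T10:13:00'; Message = 'Unrelated service event' }
)
Get-NetlogonSecureRpcSummary -Events $events | Format-Table -AutoSize
```

A 5829 row names a device that still connects over a vulnerable Netlogon channel and needs updating or replacing; 5827 and 5828 rows are connections the patched domain controller refused.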

Get More Information

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/

https://www.secura.com/blog/zero-logon

BlackPoint Cyber