CVE-2020-1472

Warning

Exploit

EPSS 94.43%
Published 17.08.2020 19:15:15
Last modified 07.03.2025 14:57:32
Source secure@microsoft.com
Teams watchlist Login
Open Login

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see  How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Affected products Warnungen 1 Metrics 4 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 1903

Microsoft ≫ Windows Server 1909

Microsoft ≫ Windows Server 2004 Version-

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ Windows Server 20h2 Version-

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Synology ≫ Directory Server Version < 4.4.5-0101

Samba ≫ Samba Version < 4.10.18

Samba ≫ Samba Version >= 4.11.0 < 4.11.13

Samba ≫ Samba Version >= 4.12.0 < 4.12.7

Debian ≫ Debian Linux Version9.0

Oracle ≫ Zfs Storage Appliance Kit Version8.8

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Netlogon Privilege Escalation Vulnerability

Vulnerability

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.43%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N