CVE-2020-1472 - Microsoft Netlogon Privilege Escalation Vulnerability

Vulnerability Name

Microsoft Netlogon Privilege Escalation Vulnerability

Description

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472

Related News Articles

RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations GloballyFebruary 14, 2025

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long CampaignOctober 18, 2024

Iranian hackers act as brokers selling critical infrastructure accessOctober 17, 2024

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHubSeptember 10, 2024

NoName ransomware gang deploying RansomHub malware in recent attacksSeptember 10, 2024