What You Need to Know About the Netlogon Vulnerability

September 14, 2020

Last month, as part of their monthly rollup, Microsoft released a fix for CVE-2020-1472, a critical vulnerability in Netlogon that allows elevation of privileges. This weekend, exploit code for this vulnerability became available that shows how damaging it can be.

The flaw in Netlogon allows an unauthenticated attacker on an internal network to connect to the domain controller and set a new computer password. The attacker can then use this new password to take over the domain controller and, from there, gain control of the Windows network. Since an attacker would generally need to be on your internal network to communicate with the domain controller to run the attack, attacks from the Internet should be limited.

Microsoft hasn’t yet identified any mitigations or workarounds beyond applying the August 2020 rollup patch. If you haven’t already, you should work to apply the patches to your servers as soon as possible.

Should you have any questions about applying patches or protecting your systems, please reach out to our team and we’ll be happy to help.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

SIGN-UP FOR INSIGHTS

Join 14,000+ business executives and decision makers

Upcoming Events

Latest Insights

planning for the benefits of NetSuite and Salesforce integration

Planning on NetSuite and Salesforce Integration Benefits

September 22, 2023

Veeam 12 and Azure Blob Immutable Storage for Backups

September 21, 2023

early-intervention-group-of-people-talking

Workplace Violence Prevention in Action – Q&A With an Expert

September 21, 2023

About The Author

Sikich LLP

Sikich LLP is a global company specializing in technology-enabled professional services. With more than 1,600 employees, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and ranks as one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies, Sikich clients utilize a broad spectrum of services* and products to help them improve performance and achieve long-term, strategic goals. *Securities offered through Sikich Corporate Finance LLC, member FINRA/SIPC. Investment advisory services offered through Sikich Financial, an SEC Registered Investment Advisor. 