Last month, as part of their monthly rollup, Microsoft released a fix for CVE-2020-1472, a critical vulnerability in Netlogon that allows elevation of privileges. This weekend, exploit code for this vulnerability became available that shows how damaging it can be.
The flaw in Netlogon allows an unauthenticated attacker on an internal network to connect to the domain controller and set a new computer password. The attacker can then use this new password to take over the domain controller and, from there, gain control of the Windows network. Since an attacker would generally need to be on your internal network to communicate with the domain controller to run the attack, attacks from the Internet should be limited.
Microsoft hasn’t yet identified any mitigations or workarounds beyond applying the August 2020 rollup patch. If you haven’t already, you should work to apply the patches to your servers as soon as possible.
Should you have any questions about applying patches or protecting your systems, please reach out to our team and we’ll be happy to help.