What You Need to Know About the Netlogon Vulnerability

Reading Time: 1 minute

Share:

Share on facebook
Share on twitter
Share on linkedin

Last month, as part of their monthly rollup, Microsoft released a fix for CVE-2020-1472, a critical vulnerability in Netlogon that allows elevation of privileges. This weekend, exploit code for this vulnerability became available that shows how damaging it can be.

The flaw in Netlogon allows an unauthenticated attacker on an internal network to connect to the domain controller and set a new computer password. The attacker can then use this new password to take over the domain controller and, from there, gain control of the Windows network. Since an attacker would generally need to be on your internal network to communicate with the domain controller to run the attack, attacks from the Internet should be limited.

Microsoft hasn’t yet identified any mitigations or workarounds beyond applying the August 2020 rollup patch. If you haven’t already, you should work to apply the patches to your servers as soon as possible.

Should you have any questions about applying patches or protecting your systems, please reach out to our team and we’ll be happy to help.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

SIGN-UP FOR INSIGHTS

GET UPDATES FROM OUR EXPERTS
  • This field is for validation purposes and should be left unchanged.

Upcoming Events

  1. Q1 Virtual Payroll Peer Roundtable

    January 21 @ 1:00 pm - 2:00 pm CST

  2. Third Annual Higher Education CFO Forum- Virtual

    February 9 @ 9:00 am - 11:30 am CST

  3. Year-End Planning & Beyond Webinar Series

    February 9 @ 12:00 pm - 1:00 pm CST

View All Events

Latest Insights

View All Insights

About The Author

Kevin Bong

Kevin Bong

Kevin is a Director at Sikich and leads the penetration testing and forensic incident response teams. He focuses on helping address the information security and compliance issues faced by a myriad of institutions. Prior to joining Sikich, Kevin spent 12 years as a Vice President of a multi-billion-dollar financial group, leading the bank’s security and IT risk management activities. With his experience performing audits, penetration testing, risk assessments, and forensic investigations, Kevin provides invaluable guidance to institutions affected by standards such as those related to the FFIEC, NIST, HIPAA, and PCI. Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to gain remote access to a network. He’s also an author, instructor, and a speaker at conferences like RSA, DerbyCon, Security BSides, and WACCI. Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute. In addition, he is a Payment Card Industry Core Forensic Investigator and Qualified Security Assessor (QSA). Kevin has expertise as a Certified Information Systems Security Professional (CISSP) and as a Certified Information Security Auditor (CISA). Additionally, he is a Project Management Professional (PMP) who holds numerous Global Information Assurance Certifications (GIAC), including GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Security Essentials (GSEC), GIAC Certified Forensic Analyst (GCFA) and GIAC Assessing and Auditing Wireless Networks (GAWN).