Last month, as part of its monthly rollup, Microsoft released a fix for CVE-2020-1472, a critical elevation-of-privilege vulnerability in Netlogon. This weekend, exploit code for this vulnerability became available, and it shows how damaging the flaw can be.
The flaw in Netlogon allows an unauthenticated attacker on an internal network to connect to the domain controller and set a new computer password. The attacker can then use this new password to take over the domain controller and, from there, gain control of the Windows network. Since an attacker would generally need to be on your internal network to communicate with the domain controller to run the attack, attacks from the Internet should be limited.
Microsoft hasn’t yet identified any mitigations or workarounds beyond applying the August 2020 rollup patch. If you haven’t already, you should work to apply the patches to your servers as soon as possible.
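The password reset described above leaves a trace that can be reviewed alongside patching. The following is an added example, not code from Sikich or Microsoft: a Python sketch that scans Security-log events in Windows Event XML form for event 4742 ("A computer account was changed") where ANONYMOUS LOGON set the password of a domain controller account. It assumes computer account management auditing is enabled; the host names and events are constructed, and a hit is a lead for triage, since legitimate machine password changes can also match.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON


def _event(event_id, subject_sid, subject, target, pwd_last_set):
    """Build a constructed Security-log event in Windows Event XML form."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{target}</Data>'
        f'<Data Name="SubjectUserSid">{subject_sid}</Data>'
        f'<Data Name="SubjectUserName">{subject}</Data>'
        f'<Data Name="PasswordLastSet">{pwd_last_set}</Data>'
        "</EventData></Event>"
    )


# Constructed sample events; DC01$ and WKS07$ are hypothetical account names.
SAMPLE_EVENTS = [
    _event(4742, "S-1-5-18", "DC01$", "DC01$", "9/14/2020 2:01:07 AM"),  # authenticated subject
    _event(4742, ANONYMOUS_SID, "ANONYMOUS LOGON", "DC01$", "9/14/2020 3:12:44 AM"),
    _event(4742, ANONYMOUS_SID, "ANONYMOUS LOGON", "WKS07$", "-"),  # password not changed
    _event(4624, ANONYMOUS_SID, "ANONYMOUS LOGON", "DC01$", "-"),  # different event type
]


def suspicious_resets(events_xml, dc_accounts):
    """Return (account, time) for DC accounts whose password an anonymous caller set.

    dc_accounts is a set of upper-case machine account names (assumed inventory).
    """
    hits = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4742":
            continue
        data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
        target = data.get("TargetUserName", "")
        if (data.get("SubjectUserSid") == ANONYMOUS_SID
                and data.get("PasswordLastSet", "-") != "-"  # "-" means field unchanged
                and target.upper() in dc_accounts):
            hits.append((target, data["PasswordLastSet"]))
    return hits


if __name__ == "__main__":
    for account, when in suspicious_resets(SAMPLE_EVENTS, {"DC01$"}):
        print(f"REVIEW: {account} password set by ANONYMOUS LOGON at {when}")
```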
Should you have any questions about applying patches or protecting your systems, please reach out to our team and we’ll be happy to help.
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
About the Author
Sikich
Sikich is a global company specializing in technology-enabled professional services. With more than 1,900 employees, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and is comprised of one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies, Sikich clients utilize a broad spectrum of services* and products to help them improve performance and achieve long-term, strategic goals. *Securities offered through Sikich Corporate Finance LLC, member FINRA/SIPC. Investment advisory services offered through Sikich Financial, an SEC Registered Investment Advisor.