CVE-2020-1472 “Zerologon” Critical Privilege Escalation Vulnerability
by CIRT Team
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.
The prime elements of this vulnerability are the weak encryption standards and the authentication process used in the Netlogon protocol. Although newer Windows domain controllers use standard AES-256 for encryption, incorrect use of the AES mode allows an attacker to spoof the identity of any computer (DC) account and replace its password with all zeroes or an empty password. Because the final output replaces all characters of the password with zeroes, this bug is also well known as “Zerologon”.
Severity: 10.0 CRITICAL
After successfully exploiting this vulnerability, attackers are able to elevate their privileges to a domain administrator and take over a domain.
Affected systems:
Windows Server 2008
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
For the full list, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
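For defenders: Microsoft's update for CVE-2020-1472 makes domain controllers log Netlogon events 5827 to 5831 in the System log when a vulnerable secure channel connection is denied or allowed. The following is an added example, not part of the original advisory, that triages an export of those events; the JSON field names (id, dc, account) and the sample records are constructed assumptions.

```python
import json
from collections import Counter

# System-log Netlogon event IDs added by Microsoft's CVE-2020-1472 update,
# mapped to what the DC did with the vulnerable secure channel connection.
NETLOGON_EVENTS = {
    5827: "denied",             # machine account
    5828: "denied",             # trust account
    5829: "allowed",            # accepted, enforcement not yet active
    5830: "allowed-by-policy",  # machine account exempted by group policy
    5831: "allowed-by-policy",  # trust account exempted by group policy
}

# Constructed sample: one JSON object per exported event. The field names
# (id, dc, account) are an assumed export format, not a Windows schema.
SAMPLE_EXPORT = """\
{"id": 5829, "dc": "DC01", "account": "NAS01$"}
{"id": 5829, "dc": "DC02", "account": "NAS01$"}
{"id": 5827, "dc": "DC01", "account": "LAB-PC7$"}
{"id": 5831, "dc": "DC01", "account": "PARTNER$"}
{"id": 7036, "dc": "DC01", "account": ""}
not-json
"""

def triage(export_text):
    """Return [(outcome, account, count, [dcs])], still-accepted connections first."""
    counts, dcs = Counter(), {}
    for line in export_text.splitlines():
        try:
            ev = json.loads(line)
            outcome = NETLOGON_EVENTS[int(ev["id"])]
            key = (outcome, str(ev["account"]).upper())
            dc = str(ev["dc"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed line or an event unrelated to CVE-2020-1472
        counts[key] += 1
        dcs.setdefault(key, set()).add(dc)
    order = {"allowed": 0, "allowed-by-policy": 1, "denied": 2}
    return [(o, a, counts[(o, a)], sorted(dcs[(o, a)]))
            for o, a in sorted(counts, key=lambda k: (order[k[0]], k[1]))]

if __name__ == "__main__":
    for row in triage(SAMPLE_EXPORT):
        print(row)
```

Accounts listed as allowed or allowed-by-policy are still making vulnerable connections that the domain controller accepts, so they are the ones to update or review first.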
26 Oct 2023 - Security Advisories & Alerts