Actively exploited vulnerability

CVE-2020-1472: Microsoft Netlogon Privilege Escalation Vulnerability

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

CISA KEV source 3 Nov 2021 added 3 May 2022 remediation due

Affected product

Microsoft ยท Netlogon

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2020-1472.