Important information for organizations who have Microsoft Windows Server 2008 Domain Controllers or with unsupported systems.
-----------
In September of last year, Homeland Security Cybersecurity & Infrastructure Security Department issued an Emergency Directive regarding the Windows Server Netlogon Elevation of Privilege Vulnerability. This vulnerability allows an attacker, who has already compromised a network, to move laterally. Without credentials (username and password), the hacker is able to take over Windows domain controllers via insecure connections.
Systems Engineering clients with managed patching service and monitoring contracts with supported operating systems (Windows server 2012, 2012 R2, 2016, and 2019) received the critical security patch update to address this vulnerability. The update ensures secure connections to domain controllers on all supported operating systems. This patch was phase 1 of a two-part security feature rollout by Microsoft.
On February 9, 2021, Microsoft announced phase 2. This second phase involves the enforcement of secure domain controller connections. Enforcement will be applied with security updates moving forward and accomplished via a system update.
Be advised that once enforcement is applied, older, unsupported operating systems attempting to make insecure connections to their network domain controller may be denied. This means those running end-of-life Windows 2008 server domain controllers on-premises will not receive this critical patch and will remain at high-risk for the CVE-2020-1472 vulnerability.
If you are running an unsupported operating system within your business, here's what you can do:
Upgrading is your most secure, safest option. We can not recommend this course of action strongly enough.
Systems Engineering highly discourages customers from utilizing unsupported operating systems. It puts your business's network and its data at serious risk.
Currently, we have not observed significant impact across our customer-base. Clients please note: Work done by Systems Engineering to remediate this issue on any unsupported, outdated systems will be outside contract terms.
Systems Engineering will be reaching out to clients with managed endpoints, servers, and workstations that are at risk due to this new requirement from Microsoft.
If you have questions about this security alert, please reach out to your Account Manager.