On Friday, September 18, 2020, Homeland Security Cybersecurity & Infrastructure Security Department issued an Emergency Directive regarding the Windows Server Netlogon Elevation of Privilege Vulnerability This Windows server operating system vulnerability could allow a cyber attacker to gain access to your Domain Controller (authentication server). From there, the attacker can give themselves administrative privileges for your network, start to run malicious software, and exfiltrate sensitive data.
Technically speaking, an elevation of privilege vulnerability exists when an unauthenticated attacker establishes a vulnerable Netlogon secure channel connection to a domain controller to obtain domain administrator access. The attacker could then run a specially crafted application on a device on the network.
Microsoft has addressed the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. Microsoft provided patches for this critical vulnerability (CVE-2020-1472) on August 11, 2020. Customers of Systems Engineering with a managed patching contract, received this patch on August 20, 2020 (our August patch release day).
The most important step is to continue to deploy and use critical security controls such as keeping your systems up-to-date with the latest patches and security updates. If you are not a managed patching customer of Systems Engineering, we highly recommend you apply the security patch as soon as possible.
If you have questions about security vulnerabilities or would like more information on our managed patching services, connect with Systems Engineering at firstname.lastname@example.org, or 888.624.6737. Customers, please reach out to your Account Manager with any questions.