CVE-2020-1472 Unauthenticated full AD domain takeover

[Alex Keller <axkeller () STANFORD EDU>]


Hello EDUCAUSE Security Folks,

Windows Active Directory Domain Controllers unpatched for CVE-2020-1472 are at grave risk.

Highest possible CVSS score of 10.0, this is an unauthenticated Active Directory domain takeover with exploit code 
circulating publicly.

https://www.secura.com/blog/zero-logon

https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472

Microsoft is creatively calling this a “Netlogon Elevation of Privilege Vulnerability”, which is misleading as it 
allows for full AD compromise with no authentication nor privileges.

Best,
Alex

Alex Keller
Stanford | Engineering
Information Technology
axkeller () stanford edu<mailto:axkeller () stanford edu>
(650)736-6421<tel:(650)736-6421>



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community