CVE - CVE-2020-1472

CVE-ID
CVE-2020-1472	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:FEDORA-2020-0be2776ed3 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/ MISC:FEDORA-2020-77c15664b0 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/ MISC:FEDORA-2020-a1d139381a URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/ MISC:GLSA-202012-24 URL:https://security.gentoo.org/glsa/202012-24 MISC:USN-4510-1 URL:https://usn.ubuntu.com/4510-1/ MISC:USN-4510-2 URL:https://usn.ubuntu.com/4510-2/ MISC:USN-4559-1 URL:https://usn.ubuntu.com/4559-1/ MISC:VU#490028 URL:https://www.kb.cert.org/vuls/id/490028 MISC:[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update URL:https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html MISC:[oss-security] 20200917 Samba and CVE-2020-1472 ("Zerologon") URL:http://www.openwall.com/lists/oss-security/2020/09/17/2 MISC:http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html URL:http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html MISC:http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html URL:http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MISC:https://www.synology.com/security/advisory/Synology_SA_20_21 URL:https://www.synology.com/security/advisory/Synology_SA_20_21 MISC:openSUSE-SU-2020:1513 URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html MISC:openSUSE-SU-2020:1526 URL:http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html
Assigning CNA
Microsoft Corporation
Date Record Created
20191104	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20191104)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)