Multiple vulnerabilities in Microsoft Windows NetLogon

1) Improper Authentication

EUVDB-ID: #VU22718

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-1384

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the NETLOGON message is able to obtain the session key and sign messages. A remote authenticated attacker can send a specially crafted authentication request, bypass authentication process and gain unauthorized access to another machine using the original user privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1903

Windows Server: 2008 - 2019 1903

CPE2.3

• cpe:2.3:o:microsoft:windows:7:*:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU22664

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-1424

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the Windows Netlogon improperly handles a secure communications channel. A remote attacker can perform a man-in-the-middle attack and downgrade aspects of the connection allowing for further modification of the transmission.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1903

Windows Server: 2008 - 2019 1903

CPE2.3

• cpe:2.3:o:microsoft:windows:7:*:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?