#VU45628 Permissions, Privileges, and Access Controls in Windows Server


Published: 2020-09-01 | Updated: 2023-02-20

Vulnerability identifier: #VU45628

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2020-1472

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Netlogon. A remote non-authenticated attacker can use MS-NRPC to connect to a domain controller to obtain domain administrator access. This vulnerability was dubbed ZeroLogon.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2008 R2 - 2019 2004

CPE

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
http://www.secura.com/blog/zero-logon

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Red Hat Gluster Storage Server for On-premise update for samba
Multiple vulnerabilities in Junos Space
Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8 update for samba
Red Hat Enterprise Linux 8 update for samba
Multiple vulnerabilities in Oracle ZFS Storage Appliance Kit
Amazon Linux AMI update for samba
Gentoo update for Samba
CentOS 7 update for samba
Red Hat Enterprise Linux 7 update for samba
Netlogon elevation of privilege vulnerability in Huawei FusionAccess