A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Privilege Escalation vulnerability in Microsoft Windows Netlogon Remote Protocol

Privilege Escalation vulnerability in Microsoft Windows Netlogon Remote Protocol

Advisory No: TZCERT/SA/2020/09/23

Date of First Release: 23rd September 2020

Source: Microsoft

Software Affected: 

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 2004 (Server Core installation)

Overview:

A vulnerability has been reported in Microsoft Windows Netlogon Remote Protocol, which could be exploited by an attacker to gain elevated privileges on the target system.

Description:

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) is a core authentication component of Active Directory that provides authentication for user and computer accounts. By sending several Netlogon messages in which various fields are filled with zeroes, an unauthenticated attacker could change the computer password of the Domain Controller (DC) that is stored in the Active Directory (AD).

Such a process can then be used to obtain domain administrator privileges.

Impact:

Successful exploitation of this vulnerability could allow the attacker to obtain domain administrator privileges, and cause a denial of service attack.

Solution:

Microsoft has not yet identified any mitigation factors or workarounds for this vulnerability; however, users of the affected systems are advised to install the following latest security updates from Microsoft.

References:

  1. https://www.secura.com/pathtoimg.php?id=2055 
  2. https://cyber.dhs.gov/ed/20-04/
  3. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4570333

Check Also

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Advisory No: TZCERT/SA/2020/09/02 Date of First Release: 2nd September, 2020 Source: CISCO Software Affected: Any Cisco device with an …