Proof-of-concept (PoC) exploitation code is now in circulation for a critical privilege elevation vulnerability (CVE-2020-1472) in the Microsoft Netlogon Remote Protocol (MS-NRPC). This vulnerability, also known as "Zerologon," occurs when establishing a secure channel connection to a Windows domain controller.
Exploitation could allow an unauthenticated remote attacker on the local network to gain domain administrator privileges on vulnerable systems. The first phase to mitigate this vulnerability is to install the August 11th, 2020 update patch to all domain controllers. The second phase is scheduled to be released in early 2021.
The mitigation update for this vulnerability was installed before the end of August for all Aspire cloud hosting systems and CoNetrix Technology customers with a patch management service agreement. All other CoNetrix Technology and CoNetrix Security customers should install this update as soon as possible.
For CoNetrix Technology Cybersecurity Monitoring customers, we are working with our SIEM provider to identify and send alerts when this exploit is attempted on domain controllers. However, the August 11th update is required to be installed before the security log entries will be created. We will post an update when these new alerts are operational.
Please contact CoNetrix Customer Service at firstname.lastname@example.org or 806-698-9600 if you have any questions or need assistance with installing the August 11th update.