Vulnerability name: Microsoft Netlogon Elevation of Privilege (Zerologon)

asked 2021-05-03T11:38:30.043+00:00
Shihas Shamsudheen 21 Reputation points

Dear Team,

Please help to resolve the vulnerability: Microsoft Netlogon Elevation of Privilege (Zerologon)

Description: The Netlogon service on the remote host is vulnerable to the Zerologon vulnerability. An unauthenticated, remote attacker can exploit this by spoofing a client credential to establish a secure channel to a domain controller using the Netlogon remote protocol (MS-NRPC). The attacker can then use this to change the computer's Active Directory (AD) password, and escalate privileges to domain admin.

In order for this plugin to run, you must disable 'Only use credentials provided by the user' in the scanner settings.

Can you please assist me to resolve this issue?


Accepted answer
  1. answered 2021-05-04T00:36:38.813+00:00
    Fan Fan 15,041 Reputation points

    Hi,
    Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase starts with the Windows updates released on August 11, 2020. The updates will enable the Domain Controllers (DCs) to protect Windows devices by default, log events for non-compliant device discovery, and have the option to enable protection for all domain-joined devices with explicit exceptions.

    The second phase, planned for a Q1 2021 release, marks the transition into the enforcement phase. The DCs will be placed in enforcement mode, which requires all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant device.
    For more information, you can refer to the following links:
    Netlogon Elevation of Privilege Vulnerability
    How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

    Best Regards,
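
The first phase described in the accepted answer has patched DCs log events for non-compliant devices, which must be fixed or given an exception before enforcement. One way to review those events per device, as an added example that is not part of the original answers: event IDs 5827 to 5831 are the ones documented in Microsoft's CVE-2020-1472 guidance; the function name, host names and simplified sample messages are constructed, and the `Machine SamAccountName:` message field is an assumption about the event text.

```powershell
# Netlogon secure-channel event IDs logged in the System log of a patched DC.
$NetlogonEventMeaning = @{
    5827 = 'Denied: vulnerable connection from a machine account'
    5828 = 'Denied: vulnerable connection from a trust account'
    5829 = 'Allowed: vulnerable connection (denied once enforcement is on)'
    5830 = 'Allowed by policy exception: machine account'
    5831 = 'Allowed by policy exception: trust account'
}

function Get-NetlogonNonCompliantSummary {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events)
    $Events |
        Where-Object { $NetlogonEventMeaning.ContainsKey([int]$_.Id) } |
        ForEach-Object {
            # Assumption: the message names the account in this field.
            # Records without it are reported as '(unparsed)'.
            $account = if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') { $Matches[1] } else { '(unparsed)' }
            [pscustomobject]@{ Account = $account; Id = [int]$_.Id; Time = $_.TimeCreated }
        } |
        Group-Object Account, Id |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Account  = $first.Account
                EventId  = $first.Id
                Meaning  = $NetlogonEventMeaning[$first.Id]
                Count    = $_.Count
                LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
            }
        } |
        Sort-Object EventId, Account
}

# Constructed sample records (hypothetical hosts, simplified messages).
$sample = @(
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2021-05-03T09:00:00'; Message = 'Machine SamAccountName: NAS01$' }
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2021-05-03T11:30:00'; Message = 'Machine SamAccountName: NAS01$' }
    [pscustomobject]@{ Id = 5827; TimeCreated = [datetime]'2021-05-03T10:15:00'; Message = 'Machine SamAccountName: PRINTSRV$' }
    [pscustomobject]@{ Id = 7036; TimeCreated = [datetime]'2021-05-03T10:20:00'; Message = 'Unrelated service event' }
)
Get-NetlogonNonCompliantSummary -Events $sample | Format-Table -AutoSize

# On a patched DC, pass live events instead of the sample:
# $live = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827,5828,5829,5830,5831 } -ErrorAction SilentlyContinue)
# Get-NetlogonNonCompliantSummary -Events $live
```

An empty result on every DC over a representative period means no device was seen making a vulnerable Netlogon connection; any 5829 row names a device that will lose its secure channel under enforcement unless it is updated or explicitly excepted.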


2 additional answers

  1. answered 2021-05-03T12:29:48.67+00:00
    Dave Patrick 328.6K Reputation points Microsoft MVP

    More info here.
    https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e

    Basically, check that all members are patched fully.

    --please don't forget to Accept as answer if the reply is helpful--


  2. answered 2021-05-04T00:48:06.937+00:00
    Dave Patrick 328.6K Reputation points Microsoft MVP

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--
