Vulnerability name: Microsoft Netlogon Elevation of Privilege (Zerologon)

Shihas Shamsudheen 21 Reputation points
2021-05-03T11:38:30.043+00:00

Dear Team,

Please help to resolve the vulnerability: Microsoft Netlogon Elevation of Privilege (Zerologon)

Description: The Netlogon service on the remote host is vulnerable to the Zerologon vulnerability. An unauthenticated, remote attacker can exploit this, by spoofing a client credential to establish a secure channel to a domain controller using the Netlogon remote protocol (MS-NRPC). The attacker can then use this to change the computer's Active Directory (AD) password, and escalate privileges to domain admin.

In order for this plugin to run, you must disable 'Only use credentials provided by the user' in the scanner settings.

Can you please assist me to resolve this issue?


Accepted answer
  1. Fan Fan 15,301 Reputation points Microsoft Vendor
    2021-05-04T00:36:38.813+00:00

    Hi,
    Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase starts with the Windows updates released on August 11, 2020. The updates will enable the Domain Controllers (DCs) to protect Windows devices by default, log events for non-compliant device discovery, and have the option to enable protection for all domain-joined devices with explicit exceptions.

    The second phase, planned for a Q1 2021 release, marks the transition into the enforcement phase. The DCs will be placed in enforcement mode, which requires all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant device.
    For more information, you can refer to the following links:
    Netlogon Elevation of Privilege Vulnerability
    How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

    Best Regards,
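
To find the non-compliant devices that the accepted answer says the updated DCs log events for, the following added example (not part of the original thread and not Microsoft's own code) summarizes Netlogon events 5827 to 5831 from the System log of one or more domain controllers. The event IDs come from Microsoft's CVE-2020-1472 guidance linked in the answer; the function name, its parameters and the message labels matched by the regex are assumptions.

```powershell
# Added example: summarize Netlogon secure channel events on domain controllers.
# Event IDs are those listed in Microsoft's CVE-2020-1472 guidance; the message
# field labels parsed below are an assumption based on that guidance.
function Get-NetlogonSecureChannelEvent {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),  # DCs to query (hypothetical parameter)
        [int]$Days = 30                                  # look-back window in days
    )
    $meaning = @{
        5827 = 'Denied: vulnerable connection from machine account'
        5828 = 'Denied: vulnerable connection from trust account'
        5829 = 'Allowed: vulnerable connection (initial deployment phase)'
        5830 = 'Allowed by policy exception: machine account'
        5831 = 'Allowed by policy exception: trust account'
    }
    $filter = @{ LogName = 'System'; Id = 5827..5831; StartTime = (Get-Date).AddDays(-$Days) }
    foreach ($dc in $ComputerName) {
        # Get-WinEvent errors when nothing matches; this also hides connection errors.
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            # Pull the account name out of the event text; fall back to 'unknown'.
            $account = 'unknown'
            if ($e.Message -match '(?:Machine SamAccountName|Trust Name):\s*(\S+)') {
                $account = $Matches[1]
            }
            [pscustomobject]@{
                DomainController = $dc
                EventId          = $e.Id
                Meaning          = $meaning[$e.Id]
                Account          = $account
                TimeCreated      = $e.TimeCreated
            }
        }
    }
}

# One row per (account, event ID) with a count and the most recent occurrence.
Get-NetlogonSecureChannelEvent |
    Group-Object Account, EventId |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated | Select-Object -Last 1
        [pscustomobject]@{
            Account = $latest.Account; EventId = $latest.EventId
            Meaning = $latest.Meaning; Count = $_.Count; LastSeen = $latest.TimeCreated
        }
    } | Sort-Object EventId, Account | Format-Table -AutoSize
```

Accounts listed under event 5829 are the ones that need to be updated, or given an explicit exception, before enforcement mode denies their connections.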


2 additional answers

  1. Dave Patrick 426.2K Reputation points MVP
    2021-05-03T12:29:48.67+00:00

    More info here.
    https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e

    Basically check that all members are patched fully.

    --please don't forget to Accept as answer if the reply is helpful--


  2. Dave Patrick 426.2K Reputation points MVP
    2021-05-04T00:48:06.937+00:00

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--
