Given the nature of the vulnerability and the likelihood that exploits will be released in the coming days, Prism Infosec is making its clients aware of a critical vulnerability affecting Microsoft Windows Active Directory (AD) servers. The vulnerability, described in CVE-2020-1472, stems from a weak cryptographic algorithm used in the Netlogon authentication process.
A proof of concept has been released for this vulnerability, and one researcher has claimed that it is straightforward to modify into an actual exploit. Such an exploit would allow an unauthenticated attacker (typically on an internal on-premises Microsoft Windows network) to escalate privileges to Domain Admin level.
The vulnerability reportedly affects Microsoft Active Directory running on Microsoft Windows Server 2008 R2 to 2019. Prism Infosec recommends applying the August 2020 critical security patches from Microsoft as soon as possible to all Active Directory servers within your domain.
For further details see: –
To discuss how Prism Infosec can help to ensure that your organisation is adequately protected from this attack, please use the Get in touch page on this website or email contact@prisminfosec.com.