d-PIT are aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472 can prevent exploitation of this vulnerability.

d-PIT urge administrators to patch all domain controllers immediately—until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:

• CERT/CC Vulnerability Note VU#490028
• Microsoft Security Vulnerability Information for CVE-2020-1472
• Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472