[conspire] [OT] Microsoft security: CVE-2020-1472 (10/10 patch it NOW if not already done so) Netlogon / Zerologon
Rick Moen
rick at linuxmafia.com
Fri Sep 25 23:36:17 PDT 2020
Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
> If I'm reading correctly, allows unauthenticated remote compromise
> of Administrator on Active Directory (AD) Domain Controllers (DCs).
> Microsoft released patch/update 2020-08-11, but not everyone is
> caught up yet.
Ugh! Yes, definitely a five-alarm fire example. (Those words,
'unauthenticated remote compromise of Administrator on Active Directory
(AD) Domain Controllers', are words you want to never hear.)
I see it involves privilege escalation after talking to MS-NRPC, which
is Microsoft's copy of Unix's remote procedure call (RPC) portmapper
service -- which is infamously a menace and one of the reasons why NFS
(which relies on the RPC portmapper) is not considered safe to expose to
public networks. Without digging deeper into the CVE-2020-1472 matter
discussed in this case, my instinct would always be that portmappers
must _not_ be exposed to attack from hostile hosts or networks, and I'm
utterly unsurprised that a flaw in Microsoft's has bit them with a
priority 10-severity CVE.
More information about the conspire
mailing list