Alert MDI netlogon


Hello, I had an alert from MDI: "Suspected Netlogon privilege elevation attempt (CVE-2020-1472 exploitation)" on multiple endpoints, but the problem is between the domain controllers (from DC1 to the other DC and RODC). I want to know what the cause is, despite the fact that the CVE-2020-1472 update is already installed.

3 Replies

Hey @chaouki_Hmidi 


Are there any further more details that you can provide based on this?

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller.
To protect your environment and prevent outages, you must do the following:
Note: Step 1, installing the updates released August 11, 2020 or later, will address the security issue in CVE-2020-1472 for Active Directory domains and trusts, as well as Windows devices. To fully mitigate the security issue for third-party devices, you will need to complete all the steps.
Warning: Starting February 2021, enforcement mode will be enabled on all Windows Domain Controllers and will block vulnerable connections from non-compliant devices. At that time, you will not be able to disable enforcement mode.
1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.
2. FIND which devices are making vulnerable connections by monitoring event logs.
3. ADDRESS non-compliant devices making vulnerable connections.
4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.
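As an added example (not from the reply above or from Microsoft's guidance), here is a PowerShell script for step 2 and step 4: it pulls the Netlogon events Microsoft documents for CVE-2020-1472 monitoring from each DC's System log and reports whether enforcement mode is set. The DC names are placeholders, and it assumes WinRM remoting to each DC is allowed.

```powershell
# Added example, not part of the original thread.
# Netlogon event IDs documented by Microsoft for CVE-2020-1472 monitoring:
#   5827 / 5828  vulnerable secure-channel connection DENIED (machine / trust account)
#   5829         vulnerable connection ALLOWED because enforcement mode is not yet on
#   5830 / 5831  vulnerable connection ALLOWED by an explicit group-policy exception
# The 5829 events are the ones to hunt: their Message text names the calling
# machine account and source IP, which tells you which endpoint (or DC) is still
# negotiating a vulnerable channel even though the DC itself is patched.
$DomainControllers = @('DC1', 'DC2', 'RODC1')   # placeholder names, adjust to your forest
$NetlogonEventIds  = 5827, 5828, 5829, 5830, 5831
$Since             = (Get-Date).AddDays(-7)

foreach ($dc in $DomainControllers) {
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = $NetlogonEventIds
        StartTime    = $Since
    } -ErrorAction SilentlyContinue

    # Count per event ID so denied vs. allowed-vulnerable is visible at a glance.
    $events | Group-Object Id | ForEach-Object {
        [pscustomobject]@{ DC = $dc; EventId = [int]$_.Name; Count = $_.Count }
    } | Format-Table -AutoSize

    # Show who made the still-allowed vulnerable connections (5829/5830/5831).
    $events | Where-Object { $_.Id -in 5829, 5830, 5831 } |
        Select-Object -First 10 TimeCreated, Id, Message |
        Format-List

    # Step 4 check: enforcement mode is FullSecureChannelProtection = 1 under the
    # Netlogon Parameters key on the DC (absent or 0 means not yet enforced).
    $enforce = Invoke-Command -ComputerName $dc -ScriptBlock {
        (Get-ItemProperty -ErrorAction SilentlyContinue `
            -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').FullSecureChannelProtection
    }
    "{0}: FullSecureChannelProtection = {1}" -f $dc, ($(if ($null -eq $enforce) { 'not set' } else { $enforce }))
}
```

If the 5829 events on DC1 name another DC or the RODC as the caller, that peer is the non-compliant party to fix in step 3; once no 5829 events appear for a while, enforcement mode can be turned on.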
yup good writing