HTG Blog

Microsoft Vulnerability: Unpatched Domain Controllers Remain Vulnerable

Written by Michael Markulec | Sep 26, 2020 1:00:00 PM

With most businesses operating with a hybrid onsite & remote workforce, new vulnerabilities are putting critical data and systems at risk.  Harbor will continue to monitor the cybersecurity newsfeeds and provide you with relevant information.

On September 18th, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released an emergency directive (Emergency Directive 20-04) that focuses on a vulnerability affecting the Microsoft Windows Netlogon Remote Protocol. For context, Microsoft Windows Netlogon is the Microsoft Active Directory service that authenticates users and other services within an organization’s domain.

The addressed vulnerability allows for an unauthenticated attacker to compromise the active directory identity services of an organization should they have network access to a domain controller. Should this vulnerability be exploited against your organization, the attacker could gain domain administrator privileges by changing the Active Directory password, which could cause devastating amounts of damage.

To mitigate this risk, CISA recommends (and require for all government agencies and contractors) that organizations update all Windows Servers with the domain controller role. The update they are referring to is the August 2020 Security Update. If the domain controller(s) cannot be updated, it should be removed from the network. Organizations should also ensure that there are plans in place to check that all domain controller servers are updated before they are reconnected to the organization’s networks.

Along with the linked CISA page about the vulnerability above, you can find information from Microsoft as well using this link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472.