As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
On August 11, 2020, Microsoft released a security update that includes a patch for a severe vulnerability in the NETLOGON protocol CVE-2020-1472. Since no primary technical information was published, the CVE failed to get much attention even though it received a maximum CVSS score of 10.
This vulnerability allows an unauthenticated attacker to access a domain controller, establish a vulnerable Netlogon session, and gain domain administrator privileges.
The vulnerability is critical because the major requirement for a successful exploit is the ability to establish a connection with a domain controller.
Applying the Patch Tuesday update from Microsoft’s Advisory will fix the vulnerability. It enforces a remote procedure call (RPC) in the Netlogon protocol for all Windows devices. Microsoft made a revision to this advisory in February.
Visit the Vicarius Research Center for more information on CVEs and how to remediate them. You can also try a 30-day free trial of our TOPIA solution.
Prefer to listen instead? We got you covered 😏
Our Path to Product-Led Growth
Michael Assraf May 24, 2022OSINT Basics – What is OSINT and Why Do We Do/Need OSINT?
Nikola Kundacina May 22, 2022What is OS Fingerprinting?
Kent Weigle May 16, 2022John the Ripper Pt.4
Nikola Kundacina May 16, 2022John the Ripper Pt. 3
Nikola Kundacina May 09, 2022