As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
CVE-2020-1472
Technical Background
On August 11, 2020, Microsoft released a security update that includes a patch for a severe vulnerability in the NETLOGON protocol CVE-2020-1472. Since no primary technical information was published, the CVE failed to get much attention even though it received a maximum CVSS score of 10.
This vulnerability allows an unauthenticated attacker to access a domain controller, establish a vulnerable Netlogon session, and gain domain administrator privileges.
The vulnerability is critical because the major requirement for a successful exploit is the ability to establish a connection with a domain controller.
Exploit Steps Overview
- Establish an unsecure Netlogon channel against a domain controller by performing a brute-force attack using an 8 zero-bytes challenge and ciphertext, while tricking the identity of that same domain controller.
- Use the NetrServerPasswordSet2 call to set the domain controller account’s password, as stored in Active Directory, to an empty one. This breaks some of the domain controller functionality since the password stored in the domain controller’s registry does not change.
- Use the empty password to connect to that same domain controller and dump additional hashes by using the Domain Replication Service (DRS) protocol.
- Revert the domain controller password to the original one as stored in the local registry to avoid detection.
- Exploit the hashes dumped from stage 3 to perform any preferred attack.
Solution
Applying the Patch Tuesday update from Microsoft’s Advisory will fix the vulnerability. It enforces a remote procedure call (RPC) in the Netlogon protocol for all Windows devices. Microsoft made a revision to this advisory in February.
Visit the Vicarius Research Center for more information on CVEs and how to remediate them. You can also try a 30-day free trial of our TOPIA solution.
Prefer to listen instead? We got you covered 😏
Written by
Kent Weigle
Recent Posts
1
Vulnerability Remediation Guidelines
Kent Weigle October 14, 20212
What is Vulnerability Remediation?
Kent Weigle October 08, 20213
Average Time to Remediation Hits 205 Days
Kent Weigle August 12, 20214
Vulnerability Management: What You Need To Know
Kent Weigle July 12, 20215
Vicarius Records Signs Underground Sensation Lil CISO
Kent Weigle July 28, 2021
Related Posts
Vulnerability Remediation Guidelines
Much to our detriment, new software vulnerabilities are discovered on a daily basis. For security professionals and companies alike, this becomes a significant concern. Companies must be able to follow a procedure to guarantee that they do not fall prey to these flaws.
What is Vulnerability Remediation?
Vulnerability remediation is the process of discovering IT vulnerabilities and assessing their risks to develop viable countermeasures and remedies. This assessment is a proactive strategy to addressing the vulnerabilities and, if feasible, eliminating the risk.
Average Time to Remediation Hits 205 Days
According to a report from NTT | Application Security, the average time it takes for vulnerability management teams to remediate cybersecurity vulnerabilities has increased to 205 days. This implies that vulnerability management and patch management don’t receive the support required for effective security hygiene on a systemic level even in the face of the numerous security breaches that have become a mainstay in the global news.
Start Closing Security Gaps
- Risk reduction from Day 1
- Fast set-up and deployment
- Unified platform
- Full-featured 30-day trial
