This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([MS-NRPC]) is an [RPC|MSRPC] interface that is used exclusively by [AD DOMAIN]-joined [devices].
[{$pagename}] includes an [authentication] method and a method of establishing a [Netlogon service] [Schannel SSP].
Updates enforce the specified [Netlogon service] client behavior to use secure [MSRPC] with [Netlogon service] [Schannel SSP] between member computers and [Microsoft Active Directory] [Domain Controllers] (DC).
!! CVE-2020-1472 - Netlogon Elevation of Privilege [Vulnerability]
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon [Secure Channel|Schannel SSP] connection to a domain controller, using the [{$pagename}] ([MS-NRPC]), aka 'Netlogon Elevation of Privilege Vulnerability'.
A flaw was found in the [Microsoft Windows] [{$pagename}] ([MS-NRPC]), where it reuses a known, static, zero-value [Initialization Vector] (IV) in AES-CFB8 mode.
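Added example (not from the original page or from Microsoft): a Python sketch of why a fixed all-zero IV undermines CFB8. It goes slightly beyond the text by measuring how often an all-zero input encrypts to all-zero output. Assumptions: block_fn is an HMAC-SHA256 stand-in for AES so the code needs only the standard library, and the keys are constructed sample values.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes


def block_fn(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES encryption (assumption, not real AES): CFB only uses
    # the forward direction of the cipher, so a keyed PRF behaves the same
    # way as far as the mode of operation is concerned.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: one output byte per block call; the register shifts in ciphertext."""
    register = iv
    out = bytearray()
    for p in plaintext:
        c = p ^ block_fn(key, register)[0]    # first keystream byte only
        out.append(c)
        register = register[1:] + bytes([c])  # feedback of the ciphertext byte
    return bytes(out)


def degenerate_fraction(trials: int, iv_factory) -> float:
    """Fraction of keys for which 8 zero bytes encrypt to 8 zero bytes."""
    zeros = bytes(8)
    hits = 0
    for i in range(trials):
        # Constructed sample keys, derived deterministically for repeatability.
        key = hashlib.sha256(b"constructed-key-%d" % i).digest()[:16]
        if cfb8_encrypt(key, iv_factory(), zeros) == zeros:
            hits += 1
    return hits / trials


def zero_iv() -> bytes:
    return bytes(BLOCK)       # the static IV described above


def random_iv() -> bytes:
    return os.urandom(BLOCK)  # what the mode requires: a fresh, unpredictable IV


if __name__ == "__main__":
    print("zero IV  :", degenerate_fraction(4096, zero_iv))
    print("random IV:", degenerate_fraction(4096, random_iv))
```

With the zero IV, roughly 1 key in 256 maps zeros to zeros, because a zero first keystream byte leaves the shift register unchanged; with a fresh random IV the fraction is 0.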
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [[MS-NRPC]: Netlogon Remote Protocol|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f|target='_blank'] - based on information obtained 2020-09-15
* [#2] - [CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability|https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472|target='_blank'] - based on information obtained 2020-10-12