Netlogon Remote Protocol (MS-NRPC
) is an RPC
interface that is used exclusively by AD DOMAIN
Netlogon Remote Protocol includes an authentication method and a method of establishing a Netlogon service Schannel SSP.
Updates enforce the specified Netlogon service client behavior to use secure MSRPC with Netlogon service Schannel SSP between member computers and Microsoft Active Directory Domain Controllers (DC).
CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability#
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon Secure Channel
connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC
), aka 'Netlogon Elevation of Privilege Vulnerability'.
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value Initialization Vector (IV) in AES-CFB8 mode.
There might be more information for this subject on one of the following:
- - [MS-NRPC]: Netlogon Remote Protocol|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f|target='_blank'] - based on information obtained 2020-09-15
- - CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability - based on information obtained 2020-10-12