jspωiki
Netlogon Remote Protocol

Overview#

Netlogon Remote Protocol (MS-NRPC) is an RPC interface that is used exclusively by AD DOMAIN-joined devices

Netlogon Remote Protocol includes an authentication method and a method of establishing a Netlogon service Schannel SSP.

Updates enforce the specified Netlogon service client behavior to use secure MSRPC with Netlogon service Schannel SSP between member computers and Microsoft Active Directory Domain Controllers (DC).

CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability#

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon Secure Channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value Initialization Vector (IV) in AES-CFB8 mode.

More Information#

There might be more information for this subject on one of the following: