!!! Overview
[{$pagename}] ([MS-NRPC]) is an [RPC|MSRPC] interface that is used exclusively by [AD DOMAIN]-joined [devices]


[{$pagename}] includes an [authentication] method and a method of establishing a [Netlogon service]  [Schannel SSP]. 


Updates enforce the specified [Netlogon service] client behavior to use secure [MSRPC] with [Netlogon service] [Schannel SSP] between member computers and [Microsoft Active Directory] [Domain Controllers] (DC).


!! CVE-2020-1472 - Netlogon Elevation of Privilege [Vulnerability]
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon [Secure Channel|Schannel SSP] connection to a domain controller, using the [{$pagename}] ([MS-NRPC]), aka 'Netlogon Elevation of Privilege Vulnerability'.

A flaw was found in the [Microsoft Windows] [{$pagename}] ([MS-NRPC]), where it reuses a known, static, zero-value [Initialization Vector] (IV) in AES-CFB8 mode.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [[MS-NRPC]: Netlogon Remote Protocol|https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f|target='_blank'] - based on information obtained 2020-09-15 
* [#2] - [CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability|https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472|target='_blank'] - based on information obtained 2020-10-12