A Windows vulnerability recently patched by Microsoft, registering a CVSS score of 10, could allow attackers instant access to Active Directory.
The vulnerability (CVE-2020-1472) subverts Netlogon cryptography, providing a gateway to an enterprise’s internal network for an intruder to gain Domain Admin status with one click, according to a Secura blog post.
“This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf,” wrote Tom Tervoort, senior security specialist, and Ralph Moonen, technical director. “All that is required is for a connection to the Domain Controller to be possible from the attacker’s viewpoint,” they added.
The severity of the potential harm prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert urging users to patch immediately if they had not already done so following Microsoft’s security advisory in August.
The Netlogon Remote Protocol involves the updating of computer passwords. An attacker can create a new password and then take control of the Domain Controller, as well as steal the credentials of a domain admin, according to a Secura white paper that explains how researchers discovered the exploit and gives its technical details.