Microsoft Response to Zerologon flaw

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020 and now

To learn more about the vulnerability, see CVE-2020-1472.

To protect your environment and prevent outages, you must do the following:

  1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.

  2. FIND which devices are making vulnerable connections by monitoring event logs.

  3. ADDRESS non-compliant devices making vulnerable connections.

  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.
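For step 2, the following added example (not from this page or from Microsoft) summarises Netlogon events by account so that non-compliant devices can be listed before enforcement. The event IDs 5827 to 5831 come from Microsoft's Netlogon guidance for CVE-2020-1472 rather than from this page. The function name, the message field labels matched by the regex, and the sample records are assumptions constructed for illustration.

```powershell
# Netlogon events written to the System log of updated Domain Controllers
# (IDs per Microsoft's CVE-2020-1472 guidance; not listed on this page).
$NetlogonIds = @{
    5827 = 'Denied (machine account)'
    5828 = 'Denied (trust account)'
    5829 = 'Allowed, vulnerable (machine account)'
    5830 = 'Allowed by policy (machine account)'
    5831 = 'Allowed by policy (trust account)'
}

# Hypothetical helper: groups event records by account and event ID.
function Get-VulnerableNetlogonSummary {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events)
    $Events |
        Where-Object { $NetlogonIds.ContainsKey([int]$_.Id) } |
        ForEach-Object {
            # Assumed message labels: "Machine SamAccountName:" or "Trust Name:"
            $account = if ($_.Message -match '(?:Machine SamAccountName|Trust Name):\s*(\S+)') {
                $Matches[1]
            } else { '(unparsed)' }
            [pscustomobject]@{ Account = $account; Id = [int]$_.Id; DC = $_.MachineName }
        } |
        Group-Object Account, Id |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Account = $first.Account
                EventId = $first.Id
                Meaning = $NetlogonIds[$first.Id]
                Count   = $_.Count
                DCs     = ($_.Group.DC | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object EventId, Account
}

# Constructed sample records standing in for Get-WinEvent output.
$sample = @(
    [pscustomobject]@{ Id = 5829; MachineName = 'DC01.example.test'; Message = 'The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5829; MachineName = 'DC02.example.test'; Message = 'The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5827; MachineName = 'DC01.example.test'; Message = 'The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: PRN07$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 7036; MachineName = 'DC01.example.test'; Message = 'Unrelated service event.' }
)
Get-VulnerableNetlogonSummary -Events $sample | Format-Table -AutoSize

# Live use on a Domain Controller:
# Get-VulnerableNetlogonSummary (Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 } -ErrorAction SilentlyContinue)
```

Accounts that appear under event 5829 are the ones enforcement mode would start blocking, so they are the list to work through in step 3.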

Starting February 2021, enforcement mode will be enabled on all Windows Domain Controllers and will block vulnerable connections from non-compliant devices. At that time, you will not be able to disable enforcement mode. Considering the severity of the vulnerability, it is advised that all Domain Controllers be updated with the latest security patch as soon as possible.

To learn more about how to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472, please visit the link below:

How to manage the changes in Netlogon secure channel
