Netlogon elevation of privilege vulnerability (CVE-2020-1472)

The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.
Alert status
HIGH

Proof of concept code to exploit the vulnerability is now freely available online and has been integrated into common exploit frameworks and tools.

CVE-2020-1472 also affects several other products not previously covered by the advisory including, but not limited to:

  • Samba implementations on Linux systems prior to v4.8. This includes all Linux distributions that utilise the official Samba packages.

In most cases, CVE-2020-1472 is a privilege escalation vulnerability. However, adversaries may be able exploit the vulnerability for initial access if a Domain Controller is internet-exposed.

Content complexity
Moderate
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Become anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Acknowledgement of Country icon
Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.
Authorised by the Australian Government, Canberra