Critical Windows Server vulnerability

Critical security vulnerability CVE-2020-1472(external link) was recently released by Microsoft. This disclosure advises users of an elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). Exploit code for this vulnerability has been released publicly(external link).

The NCSC strongly recommends that organisations review the advisory(external link) and take action as appropriate.

For information on how to manage the changes required for this vulnerability, click here(external link).