Imechapishwa: Sep 24, 2020 05:02
Advisory No:
Source:
Software Affected:
Advisory No: TZCERT/SA/2020/09/23
Date of First Release: 23rd September 2020
Source: Microsoft
Software Affected:
Overview:
A vulnerability has been reported in Microsoft Windows Netlogon Remote Protocol, which could be exploited by an attacker to gain elevated privileges on the target system.
Description:
Microsoft Windows Netlogon Remote Protocol (MS-NRPC) is a core authentication component of Active Directory that provides authentication for user and computer accounts. By sending several Netlogon messages in which various fields are filled with zeroes, an unauthenticated attacker could change the computer password of the Domain Controller (DC) that is stored in the Active Directory (AD).
Such a process can then be used to obtain domain administrator privileges.
Impact:
Successful exploitation of this vulnerability could allow the attacker to obtain domain administrator privileges, and cause a denial of service attack.
Solution:
Microsoft has not yet identified any mitigation factors or workarounds for this vulnerability; however, users of the affected systems are advised to install the following latest security updates from Microsoft.
References:
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.