Windows 10: Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Chumbima · Jun 30, 2022

Hi,I was looking for a patch to apply to some Windows Servers and found this link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472When clicking the download link for the KB it redirects to another page but there is no KBs to download nor a reference to another one.My question is then ¿ Where can I find the KBs that cover this vulnerability?PD: Cant make automatic updates so I need to find the specific KBThank you!Chumbima***Moved fromSpanish Forum***

:)

Brink · Jun 30, 2022

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

MSRC / By Aanchal Gupta / October 29, 2020 / Active Directory, EOP, Patch, Standard), vulnerability, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 all editions, Windows Server version 1809 (Datacenter, Windows Server version 1903 all editions, Windows Server version 1909 all editions

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.

Deploying the August 11, 2020 security update or later release to every domain controller is the most critical first step toward addressing this vulnerability. Once fully deployed, Active Directory domain controller and trust accounts will be protected alongside Windows domain-joined machine accounts. We strongly encourage anyone who has not applied the update to take this step now. Customers need to both apply the update and follow the original guidance as described in KB4557222 to ensure they are fully protected from this vulnerability. We have updated the FAQs in that original guidance from August to provide further clarity.

UPDATE your Domain Controllers with an update released August 11, 2020 or later.

FIND which devices are making vulnerable connections by monitoring event logs.

ADDRESS non-compliant devices making vulnerable connections.

ENABLE enforcement mode to address CVE-2020-1472 in your environment.

Organizations that deploy Microsoft Defender for Identity (previously Azure Advanced Threat Protection) or Microsoft 365 Defender (previously Microsoft Threat Protection) are able to detect adversaries as they try to exploit this specific vulnerability against their domain controllers.

Finally, we have emphasized our previous guidance to relevant government agencies. For example, we contacted the Cybersecurity and Infrastructure Security Agency (CISA) which has issued an additional alert to remind state and local agencies, including those involved in the U.S. elections, about applying steps necessary to address this vulnerability.

Aanchal Gupta
VP Engineering, MSRC
Click to expand...

Source: https://msrc-blog.microsoft.com/2020...cve-2020-1472/

DT-ECS · Jun 30, 2022

CVE-2020-0601 Patch Fails

With the recent release of patches for the CVE-2020-0601 vulnerability, I have been working to address patching for Windows 10, Server 2016, and Server 2019 machines that my office manages. Our RMM tool has been able to apply patches to many machines,
however I have also configured targeted scripts to roll out the patches faster, to cover more ground. In doing so, I have found that there seem to be quite a number of machines that are not successfully patching. This includes various builds of Windows 10,
of which each has it's own patch. Is anyone else having issues getting Windows 10 machines patched for CVE-2020-0601 on a mass scale?

DaveCiP · Jun 30, 2022

Patching of CVE-2020-0601

I have a computer that does not list the patch for CVE-2020-060, KB4534293, OS build17134.1246. However, KB4554349 is listed on the same PC, which is OS build 17134.1401. Was the patch for CVE-2020-0601 included in OS build 17134.1401?

Windows 10: Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019 - Similar Threads - Netlogon Zerologon CVE

Windows Server 2016 Security Patch Failure

Windows Server 2016 Security Patch Failure

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Netlogon Zerologon CVE-2020-1472 patch for Windows Server 2016/2019

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Update Windows Defender now! CVE-2020-1472

CVE-2020-1425 and CVE-2020-1457

Patching of CVE-2020-0601

CVE-2020-0601 Patch Fails