{"id":15977,"date":"2020-09-18T01:08:54","date_gmt":"2020-09-17T23:08:54","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15977"},"modified":"2020-09-18T01:08:54","modified_gmt":"2020-09-17T23:08:54","slug":"0patch-fixt-zerologon-cve-2020-1472-in-windows-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/09\/18\/0patch-fixt-zerologon-cve-2020-1472-in-windows-server-2008-r2\/","title":{"rendered":"0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2"},"content":{"rendered":"

\"win7\" [German<\/a>]ACROS Security has released a micropatch for the vulnerability CVE-2020-1472 (Zerologon) for Windows Server 2008 R2. This vulnerability is only closed by Microsoft starting with Windows Server 2012 R2. <\/p>\n

<\/p>\n

The vulnerability CVE-2020-1472 (Zerologon) <\/h2>\n

\"\"CVE-2020-1472<\/a> was issued for an elevation of privilege vulnerability in Windows. The vulnerability could allow a domain controller to be taken over. Microsoft writes about this: <\/p>\n

\n

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC<\/a>). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. <\/p>\n

To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.<\/p>\n<\/blockquote>\n

Microsoft fixes the vulnerability in a staggered two-part rollout. Updates from August 11, 2020 fix the vulnerability by changing the way Netlogon handles the use of secure Netlogon channels (see this Microsoft article<\/a>). However, only updates for Windows Server 2012 \/ R2 and Windows Server 2016\/2019 have been released.  <\/p>\n

Guidelines on how to manage the changes required by this vulnerability and more information on how to implement it step-by-step can be found in How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472<\/a>. I also reported on the blog (see links at the end of the article). <\/p>\n

0patch fix for Windows Server 2008 R2<\/h2>\n

ACROS Security has developed a micropatch for the vulnerability CVE-2020-1472. I got aware of the information about the release of the micropatch for Windows Server 2008 R2 via Twitter<\/a>. The ACROS Security blog post here<\/a> contains more information.  <\/p>\n

\"0patch-Fix
(0patch Fix for CVE-2020-1472 ) <\/p>\n

This micropatch is now available for 0patch users with PRO license and is already applied to all online computers with 0patch Agent (except in non-standard enterprise configurations). As always, there is no need to restart the computer and users' work is not interrupted. <\/p>\n

For information on how the 0patch Agent works, which loads the micro-patches into memory at runtime of an application, please refer to the blog posts (e.g. here<\/a>) I have linked below.   <\/p>\n

Similar articles:
<\/strong>Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1
Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2
Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a>
Project: Windows 7\/Server 2008\/R2 Life Extension & 0patch one month trial<\/a>
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a>
0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a>
0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a>
0-day vulnerability in Windows Adobe Type Library<\/a>
0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a>
0patch for 0-day RCE vulnerability in Zoom for Windows<\/a>
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>
0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1337 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1530 in Windows 7\/Server 2008 R2<\/a> <\/p>\n

Windows Server: Zerologon vulnerability (CVE-2020-1472) allows domain hijacking<\/a>
Windows Domain Controller suddenly generate EventID 5829 warnings (August 11, 2020)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]ACROS Security has released a micropatch for the vulnerability CVE-2020-1472 (Zerologon) for Windows Server 2008 R2. This vulnerability is only closed by Microsoft starting with Windows Server 2012 R2.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[991,69,17],"class_list":["post-15977","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-0patch","tag-security","tag-windows-7"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15977","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15977"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15977\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15977"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15977"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}