1.  Vulnerability Description

Recently, NSFOCUS detected that the foreign security company Secura disclosed detailed information and validation scripts about the Netlogon privilege escalation vulnerability (CVE-2020-1472), which increases vulnerability risks abruptly. Exploitation of this vulnerability requires a computer on the same local area network (LAN) as the target. When using the Netlogon Remote Protocol (MS-NRPC) to establish a secure channel connection to a domain controller, an unauthenticated attacker could exploit the vulnerability to obtain domain administrator access. The vulnerability was disclosed by Microsoft in its August 2020 security updates. With a CVSS base score of 10, it has an extensive impact. At present, EXP has been made public on the Internet. Affected users are advised to take preventive measures as soon as possible.