CRITICAL: Vulnerability in Microsoft Windows Netlogon Remote Protocol
Microsoft has discovered and patched vulnerabilities for its Microsoft Windows Netlogon Remote Protocol (MS-NRPC).
Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.
An unauthenticated attacker with network access to a domain controller can impersonate any domain-joined computer, including a domain controller. Among other actions, the attacker can set an empty password for the domain controller's Active Directory computer account, causing a denial of service, and potentially allowing the attacker to gain domain administrator privileges.
On August 11, 2020, Microsoft issued updates to address this vulnerability. It is advised to install these patches as soon as possible
For a brief overview:
For a more detailed overview: