Linux Distros Unpatched Vulnerability : CVE-2020-1472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the...

Low: samba

Issue Overview: No CVE associated with this advisory Affected Packages: samba Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update samba or yum update...

Oracle Linux 8 : samba (ELSA-2021-1647)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1647 advisory. - resolves: 1891688 - Fix CVE-2020-14323 - resolves: 1892633 - Fix CVE-2020-14318 - resolves: 1892639 - Fix CVE-2020-14383 - resolves: 1879835 - Fix...

KB4601363: Windows 7 and Windows Server 2008 R2 February 2021 Security Update

The remote Windows host is missing security update 4601363 or cumulative update 4601347. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller,...

Amazon Linux AMI : samba (ALAS-2021-1469)

The version of samba installed on the remote host is prior to 4.10.16-9.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1469 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to...

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)

This update for samba fixes the following issues : - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC CVE-2020-1472...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2299)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)

According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller,...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2181)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft is warning that an Iranian nation-state actor is now actively exploiting the Zerologon vulnerability CVE-2020-1472, adding fuel to the fire as the severe flaw continues to plague businesses. The advanced persistent threat APT actor, which Microsoft calls MERCURY also known as MuddyWater...

Zerologon Attacks Against Microsoft DCs Snowball in a Week

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...

Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the...

OPENSUSE-SU-2020:1513-1 Security update for samba

This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC CVE-2020-1472,...

Zerologon Patches Roll Out Beyond Microsoft

UPDATE The “perfect” Windows vulnerability known as the Zerologon bug is getting a patch assist from two non-Microsoft sources, as they strive to fill in the gaps that the official fix doesn’t address. They roll out as Microsoft announced that it is tracking active exploitation in the wild. “We...

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' CVE-2020-1472...

SUSE-SU-2020:2724-1 Security update for samba

This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC CVE-2020-1472, bsc1176579...

DHS Issues Dire Patch Warning for ‘Zerologon’

Federal agencies that haven’t patched their Windows Servers against the ‘Zerologon’ vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security. With only hours until the deadline for the directive, issued on Friday,...

CVE-2020-1472

A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...

CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol

The CERT Coordination Center CERT/CC has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided...

Exploit for CVE-2020-1472

CVE-2020-1472 Netlogon Remote Protocol Call MS-NRPC Privileg...