
CVE-2024-38124

Published: 08 Oct 2024
Source: msrc
CVSS3: 9
EPSS: Low

Description

Windows Netlogon Elevation of Privilege Vulnerability

Mitigations

The following mitigating factors might be helpful in your situation:

  • Predictable Naming Conventions: Avoid using predictable naming conventions for domain controllers to prevent attackers from renaming their machines to match the next name to be assigned to a new domain controller.
  • Secure Channel Validation: Ensure that the secure channel is validated against more than just the computer name of the machine it was delivered to. This can help prevent attackers from impersonating the domain controller by obtaining the handle and waiting for the appointment to happen.
  • Monitor for Renaming Activities: Implement monitoring for any suspicious renaming activities of computers within the network. This can help with early detection and prevention of potential attacks.
  • Enhanced Authentication Mechanisms: Consider using enhanced authentication mechanisms that go beyond the current validation methods to ensure the authenticity of the domain controller and the secure channel.
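
One way to implement the rename monitoring described above, as an added example that is not part of the advisory or of any Microsoft tooling. It uses the field names of Security event 4781 ("The name of an account was changed"); the DC naming pattern, the DC inventory, the 24-hour window and the sample records are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumption: domain controllers follow a sequential pattern such as DC01$, DC02$.
DC_NAME = re.compile(r"^DC\d{2}\$$", re.IGNORECASE)
KNOWN_DCS = {"DC01$", "DC02$"}          # constructed inventory of promoted DCs
WINDOW = timedelta(hours=24)            # assumed window for a rename-and-revert

# Constructed sample records using the field names of Security event 4781.
EVENTS = [
    {"time": "2024-10-09T08:01:00", "TargetSid": "S-1-5-21-1-2-3-1105",
     "OldTargetUserName": "WKS-114$", "NewTargetUserName": "DC03$", "SubjectUserName": "jdoe"},
    {"time": "2024-10-09T08:07:00", "TargetSid": "S-1-5-21-1-2-3-1105",
     "OldTargetUserName": "DC03$", "NewTargetUserName": "WKS-114$", "SubjectUserName": "jdoe"},
    {"time": "2024-10-09T09:30:00", "TargetSid": "S-1-5-21-1-2-3-1190",
     "OldTargetUserName": "WKS-200$", "NewTargetUserName": "WKS-201$", "SubjectUserName": "helpdesk"},
]

def find_suspicious_renames(events, known_dcs=KNOWN_DCS, window=WINDOW):
    """Return alerts for computer accounts renamed into the DC namespace."""
    alerts, pending = [], {}   # pending: TargetSid -> (original name, borrowed name, time)
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        old, new, sid = ev["OldTargetUserName"], ev["NewTargetUserName"], ev["TargetSid"]
        if not old.endswith("$"):
            continue                                  # only computer accounts
        taken = pending.get(sid)
        # The account went back to its original name shortly after borrowing a DC name.
        if taken and new.upper() == taken[0].upper() and when - taken[2] <= window:
            alerts.append({"rule": "dc-name-rename-reverted", "sid": sid,
                           "borrowed": taken[1], "restored": new, "by": ev["SubjectUserName"]})
            del pending[sid]
        # A machine that is not a known DC took a name from the DC naming pattern.
        if DC_NAME.match(new) and old.upper() not in known_dcs:
            kind = "existing" if new.upper() in known_dcs else "unassigned"
            alerts.append({"rule": f"renamed-to-{kind}-dc-name", "sid": sid,
                           "old": old, "new": new, "by": ev["SubjectUserName"]})
            pending[sid] = (old, new, when)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_renames(EVENTS):
        print(alert)
```

Keying on `TargetSid` rather than the account name is what lets the check follow one machine across both renames.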

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain domain administrator privileges.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would need to predict the name of a new domain controller and rename their computer to match it. They would then establish a secure channel and keep it active while renaming their computer back to its original name. Once the new domain controller is promoted, the attacker could use the secure channel to impersonate the domain controller and potentially compromise the entire domain.

Updates

Product | Article | Update
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)


Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely
DOS: N/A

EPSS

Percentile: 70%
0.00658
Low

CVSS3: 9 Critical

Related vulnerabilities

CVSS3: 9
nvd
9 months ago

Windows Netlogon Elevation of Privilege Vulnerability

CVSS3: 9
github
9 months ago

Windows Netlogon Elevation of Privilege Vulnerability

CVSS3: 9
fstec
9 months ago

Vulnerability in the Netlogon service of Windows operating systems that allows an attacker to elevate their privileges
