Lucene search

K
msrcMicrosoft Security Response CenterMSRC:617BB0BF7CDA5777BFA2E81C8277D73C
HistoryJan 14, 2021 - 8:00 a.m.

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472

2021-01-1408:00:00
Microsoft Security Response Center
link
40

0.467 Medium

EPSS

Percentile

97.5%

Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.