Kashif Ali

Original release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.

Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:

• CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
• CERT/CC Vulnerability Note [VU#490028]
• Microsoft Security Vulnerability Information for CVE-2020-1472
• Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

Original release date: September 17, 2020

The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.

The Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the following resources and apply the necessary updates and workaround.

• CERT/CC Vulnerability Note VU#490028
• Microsoft’s Security Advisory for CVE-2020-1472
• Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

Original release date: September 17, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:

• SA-CORE-2020-007
• SA-CORE-2020-008
• SA-CORE-2020-009
• SA-CORE-2020-010
• SA-CORE-2020-011

Original release date: September 17, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

• Safari 14.0
• tvOS 14.0
• watchOS 7.0
• iOS 14.0 and iPadOS 14.0
• Xcode 12.0