Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472

Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access.

CISA encourages users and administrators to review Microsoft’s August Security Advisory for CVE-2020-1472 and the accompanying article for more information, and to apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools.

CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the tactics, techniques, and procedures (TTPs) used by Chinese MSS-affiliated actors. CISA encourages users and administrators to review the joint cybersecurity advisory and CISA's Chinese Malicious Cyber Activity page for more information.
