BD is aware of and currently monitoring the Microsoft Netlogon elevation of privilege vulnerability (also known as Zerologon), which affects the Netlogon Remote Protocol (MS-NRPC). This third-party vulnerability, which Microsoft is correcting through a phased two-part rollout that started on Aug. 11, 2020, is not specific to BD or our products. Additionally, we have not received any reports regarding this vulnerability being exploited on BD products.
CVE-2020-1472 is an elevation of privilege vulnerability that could allow an unauthorized user to establish a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). To exploit the vulnerability, an unauthenticated attacker would need to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
This vulnerability could potentially allow an attacker to run a specially crafted application on a device on the network.
This vulnerability was recently added to the list of third-party vulnerabilities threat actors could potentially use to infect systems with Ryuk Ransomware. For more information, please see our Ryuk Ransomware bulletin.
Please see the Product Security Patching website for all available product security patches. Additionally, we recommend the following compensating controls for customers using BD products that utilize Netlogon Remote Protocol:
BD has not received any reports of this third-party vulnerability being exploited on BD products. The product list below is available to customers to help identify existing BD products that utilize affected versions of Netlogon Remote Protocol. The list provided below is not comprehensive and may be updated as more products are identified. It does not indicate the patch or device status.
Customers who maintain patches independently of BD automated delivery should, as the acting responsible entity, ensure these actions are performed to maintain the correct security posture of the system(s). Ensure the following Microsoft guidelines have been followed:
For product- or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by this third-party vulnerability, disconnect the device from the network and contact your BD service representative immediately.