CVE-2020-1472

MEDIUM | CVSS 5.5/10 | Actively Exploited | EPSS 99.51%

CVE-2020-1472 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.51% chance of exploitation in the next 30 days.

Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
99.51%

99.9th percentile

Probability of exploitation in the next 30 days.

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .

Affected Software

| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows Server 1903 | All versions | |
| Microsoft | Windows Server 1909 | All versions | |
| Microsoft | Windows Server 2004 | All versions | |
| Microsoft | Windows Server 2008 | r2 | Sp1 |
| Microsoft | Windows Server 2012 | All versions | |
| Microsoft | Windows Server 2012 | r2 | |
| Microsoft | Windows Server 2016 | All versions | |
| Microsoft | Windows Server 2019 | All versions | |
| Microsoft | Windows Server 20h2 | All versions | |
| Fedoraproject | Fedora | 31 | |
| Fedoraproject | Fedora | 32 | |
| Fedoraproject | Fedora | 33 | |
| Opensuse | Leap | 15.1 | |
| Opensuse | Leap | 15.2 | |
| Canonical | Ubuntu Linux | 14.04 | |
| Canonical | Ubuntu Linux | 16.04 | |
| Canonical | Ubuntu Linux | 18.04 | |
| Canonical | Ubuntu Linux | 20.04 | |
| Synology | Directory Server | < 4.4.5-0101 | |
| Samba | Samba | < 4.10.18 | |
| Samba | Samba | >= 4.11.0, < 4.11.13 | |
| Samba | Samba | >= 4.12.0, < 4.12.7 | |
| Debian | Debian Linux | 9.0 | |
| Oracle | Zfs Storage Appliance Kit | 8.8 | |

References

Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2020-1472?
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
How severe is CVE-2020-1472?
CVE-2020-1472 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 99.51% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.
How do I fix CVE-2020-1472?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST