CVE-2020-1472 will pbis open work after february 2021?

Question

CVE-2020-1472 will pbis open work after february 2021?

kamilnew opened this issue 4 years ago · 2 comments

CVE-2020-1472 will pbis open work after february 2021?
https://research.kudelskisecurity.com/2020/08/12/microsoft-active-directory-netlogon-elevation-of-privilege-cve-2020-1472/

Answer 1 · 2020-09-21T11:15:20.000Z

@kamilnew you should be able to find devices not compatible following Microsoft guidelines. There are new EventIDs that can be filtered on DC Events: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#AddressingEventIDs

Answer 2 · 2020-12-31T16:16:32.000Z

FWIW, we use open-pbis on a few Linux machines which are joined to AD, and after running Microsoft's script to determine if any of the events have been logged, nothing showed in any of the event logs. The script is here: https://support.microsoft.com/en-us/help/4557233