cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 19

MWG+NTLM+CVE-2020-1472

Hi, All.

We have some MWG servers with v.7.8.1/7.8.2 appliances running.

On this proxies we use the NTLM authorization method for authorizing users on our DC.

DC controller runs on MS Windows Server 2016, and after installing last patches (KB4571694KB4565349 for MS Windows Server 2019).

for CVE-2020-1472 in the logs of the DC we find the next events

CVE-2020-1472_on_DC.PNG

 

How it's critical for future using Netlogon?  Will it cause problems with user authorization after February 9, 2021?

18 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 19

Re: MWG+NTLM+CVE-2020-1472

Hi,

 

Hope you are doing well.

 

 
 
MS tightened the security aspect, we will make necessary changes to our code accordingly and this will be addressed.  
 
 
Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
 
 
Regards
Alok Sarda
Highlighted
Level 10
Report Inappropriate Content
Message 3 of 19

Re: MWG+NTLM+CVE-2020-1472

>we will make necessary changes to our code accordingly and this will be addressed.  

This mean, that we are forced to upgrade our appliances to higher versions? 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 19

Re: MWG+NTLM+CVE-2020-1472

Hi,

 

Hope you are doing well.

 

Currently our engineering team is looking into this, will keep you posted once I hear back something on this.

 

Regards

Alok Sarda 

Highlighted
Level 8
Report Inappropriate Content
Message 5 of 19

Re: MWG+NTLM+CVE-2020-1472

We have just been asked to investigate the same issue - CVE-2020-1472 has been installed on some DC's with the subsequent connection will be denied once enforcement phase is released - currently have have 8.2.9 installed

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 19

Re: MWG+NTLM+CVE-2020-1472

 

Just a couple additional notes. It is just a warning at present. Per the article MS will not start enforcing until Q1 2021. Customers may want to consider taking this opportunity to move to authentication via Kerberos, which is unaffected, more secure and more efficient method of transparent authentication.

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as a Solution in my reply so we can help other community participants?
Highlighted
Level 10
Report Inappropriate Content
Message 7 of 19

Re: MWG+NTLM+CVE-2020-1472

Please inform us about results of investigation

Highlighted

Re: MWG+NTLM+CVE-2020-1472

Hi McAfee,

 

what is the latest status about it ? Did you solved the problem with a the newest version ?

 

Br,

Sven

Highlighted
Level 8
Report Inappropriate Content
Message 9 of 19

Re: MWG+NTLM+CVE-2020-1472

Hi,

 

same "problem" here.

 

Our AD-administrator contacted me yesterday and told me that he sees many warning-entries from our MGWs in the evenlog of the DCs ("The Netlogon service allowed a vulnerable Netlogon secure channel connection.").

 

Would be nice if you keep us up-to-date.

 

Kind regards

Highlighted

Re: MWG+NTLM+CVE-2020-1472

Of course same problem her!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community