We have some MWG servers with v.7.8.1/7.8.2 appliances running.
On these proxies we use the NTLM authorization method for authorizing users on our DC.
The DC controller runs on MS Windows Server 2016, and after installing the latest patches (KB4571694, KB4565349 for MS Windows Server 2019) for CVE-2020-1472, we find the following events in the logs of the DC.
How critical is it for future use of Netlogon? Will it cause problems with user authorization after February 9, 2021?
Hope you are doing well.
We have just been asked to investigate the same issue - CVE-2020-1472 has been installed on some DCs with the subsequent connection will be denied once enforcement phase is released - currently have 8.2.9 installed.
Just a couple of additional notes. It is just a warning at present. Per the article, MS will not start enforcing until Q1 2021. Customers may want to consider taking this opportunity to move to authentication via Kerberos, which is an unaffected, more secure and more efficient method of transparent authentication.
Same "problem" here.
Our AD-administrator contacted me yesterday and told me that he sees many warning entries from our MWGs in the event log of the DCs ("The Netlogon service allowed a vulnerable Netlogon secure channel connection.").
Would be nice if you keep us up-to-date.
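
To see which machine accounts are producing the warning quoted in this thread before enforcement begins, the events can be tallied on each DC. The script below is an added example, not part of any post in the thread. It assumes the warning is System log event ID 5829 and that its message text carries a "Machine SamAccountName:" field; the parameter names are illustrative.

```powershell
# Added example: inventory "vulnerable Netlogon secure channel connection
# allowed" warnings on a domain controller, grouped by machine account.
# Assumptions: the warning is event ID 5829 in the System log, and the message
# body contains a "Machine SamAccountName:" line. Run with rights to read the
# DC's System log.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # DC to query (illustrative default)
    [int]$Days = 7                              # look-back window in days
)

$filter = @{
    LogName   = 'System'
    Id        = 5829
    StartTime = (Get-Date).AddDays(-$Days)
}

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                       -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output "No event 5829 on $ComputerName in the last $Days day(s)."
    return
}

$events | ForEach-Object {
    # Pull the account name out of the rendered message; keep unparsed
    # events visible instead of silently dropping them.
    $account = if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') {
        $Matches[1]
    } else {
        '(unparsed)'
    }
    [pscustomobject]@{ Account = $account; Time = $_.TimeCreated }
} | Group-Object Account | ForEach-Object {
    [pscustomobject]@{
        Account   = $_.Name
        Count     = $_.Count
        FirstSeen = ($_.Group.Time | Measure-Object -Minimum).Minimum
        LastSeen  = ($_.Group.Time | Measure-Object -Maximum).Maximum
    }
} | Sort-Object Count -Descending
```

Accounts that still appear after the proxies are moved to Kerberos or updated are the ones that would be refused once the DCs enforce secure RPC.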