cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vvadim
Level 10
Report Inappropriate Content
Message 1 of 35
‎08-13-2020 08:38 AM

MWG+NTLM+CVE-2020-1472

Jump to solution

Hi, All.

We have some MWG servers with v.7.8.1/7.8.2 appliances running.

On this proxies we use the NTLM authorization method for authorizing users on our DC.

DC controller runs on MS Windows Server 2016, and after installing last patches (KB4571694KB4565349 for MS Windows Server 2019).

for CVE-2020-1472 in the logs of the DC we find the next events

CVE-2020-1472_on_DC.PNG

 

How it's critical for future using Netlogon?  Will it cause problems with user authorization after February 9, 2021?

12 people had this problem.
0 Kudos
Reply
2 Solutions

Accepted Solutions
jebeling
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 31 of 35
‎12-17-2020 06:04 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Now addressed in 9.2.6 and 8.2.15 which are released and available for download. 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as a Solution and/or Kudo my reply so we can help other community participants?

View solution in original post

Reply
SMEDHI
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 33 of 35
‎12-18-2020 10:21 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

This issue have been addressed in the below 4 webgateway versions:

7.8.2.26, 8.2.15, 9.2.6 and 10.0.2

For detailed information on how to upgrade please refer to the release notes, chapter “Installation”

https://contentsecurity.mcafee.com/fd?file=mwg/mwg7/release-notes/mwg_release_7.8.2.26.0_RN-RELEASE....

https://contentsecurity.mcafee.com/fd?file=mwg/mwg7/release-notes/mwg_release_8.2.15_RN-RELEASE.pdf

https://contentsecurity.mcafee.com/fd?file=mwg/mwg7/release-notes/mwg_release_9.2.6_RN-RELEASE.pdf

https://contentsecurity.mcafee.com/fd?file=mwg/mwg7/release-notes/mwg_release_10.0.2_RN-CONRELEASE.p...

Regards,

Shibani

View solution in original post

Reply
34 Replies
aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 35
‎08-17-2020 02:00 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hi,

 

Hope you are doing well.

 

 
 
MS tightened the security aspect, we will make necessary changes to our code accordingly and this will be addressed.  
 
 
Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
 
 
Regards
Alok Sarda
Reply
vvadim
Level 10
Report Inappropriate Content
Message 3 of 35
‎08-17-2020 07:14 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

>we will make necessary changes to our code accordingly and this will be addressed.  

This mean, that we are forced to upgrade our appliances to higher versions? 

0 Kudos
Reply
aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 35
‎08-17-2020 12:26 PM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hi,

 

Hope you are doing well.

 

Currently our engineering team is looking into this, will keep you posted once I hear back something on this.

 

Regards

Alok Sarda 

Reply
NetTas
Level 8
Report Inappropriate Content
Message 5 of 35
‎08-17-2020 11:53 PM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

We have just been asked to investigate the same issue - CVE-2020-1472 has been installed on some DC's with the subsequent connection will be denied once enforcement phase is released - currently have have 8.2.9 installed

Reply
jebeling
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 35
‎08-24-2020 07:31 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

 

Just a couple additional notes. It is just a warning at present. Per the article MS will not start enforcing until Q1 2021. Customers may want to consider taking this opportunity to move to authentication via Kerberos, which is unaffected, more secure and more efficient method of transparent authentication.

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as a Solution and/or Kudo my reply so we can help other community participants?
Reply
vvadim
Level 10
Report Inappropriate Content
Message 7 of 35
‎08-27-2020 01:40 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Please inform us about results of investigation

0 Kudos
Reply
gruenerpuma
Level 7
Report Inappropriate Content
Message 8 of 35
‎09-09-2020 07:05 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hi McAfee,

 

what is the latest status about it ? Did you solved the problem with a the newest version ?

 

Br,

Sven

Reply
chrisfi
Level 8
Report Inappropriate Content
Message 9 of 35
‎09-10-2020 12:37 AM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Hi,

 

same "problem" here.

 

Our AD-administrator contacted me yesterday and told me that he sees many warning-entries from our MGWs in the evenlog of the DCs ("The Netlogon service allowed a vulnerable Netlogon secure channel connection.").

 

Would be nice if you keep us up-to-date.

 

Kind regards

Reply
V3rbatim
Level 7
Report Inappropriate Content
Message 10 of 35
‎09-13-2020 10:45 PM

Re: MWG+NTLM+CVE-2020-1472

Jump to solution

Of course same problem her!

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC