Microsoft Updates NetLogon Patch

Back in August 2020, Microsoft released a patch for an attack, already under way in the wild, that allowed hackers who were on your network but not authenticated (i.e., they did not have a user ID and password) to make themselves a domain administrator.

That first patch, released August 11th, blocked Windows Active Directory Domain Controllers from using unsecured RPC communication, which was the attack vector.

It also LOGGED BUT NOT BLOCKED requests from non-Windows devices (such as, but not limited to, Macs and Linux machines) that don’t use secure RPC channels. This was designed to allow Windows admins to search the logs for non-compliant devices and kick them off the network.

Yesterday Microsoft dropped the other hammer.

As soon as this week’s Patch Tuesday patches are installed, those non-compliant devices will no longer be able to log into the Windows domain.

Credit: Bleeping Computer

Domain admins will now have to add specific exceptions to allow those devices that still need to use unsecured authentication to log in.

Organizations that use Microsoft Defender for Identity (AKA Azure Advanced Threat Protection) or Microsoft 365 Defender (AKA Microsoft Threat Protection) can detect attacks against this vulnerability.

Credit: Microsoft Blog

Depending on the devices on your network, this could be nothing or it could be a significant event. If you discover that some users or systems cannot log in after this patch is installed, this would be a good place to start looking.
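One way to start that search, as an added example rather than anything from Microsoft or the original alert: a PowerShell function that groups the Netlogon secure-channel events by device and outcome (logged, denied, or allowed by exception). The event IDs 5827 to 5831 come from Microsoft's guidance for this update, not from this page; the function name, the message pattern and the sample records are assumptions constructed for illustration.

```powershell
# Netlogon secure-channel event IDs written to a domain controller's System log.
$NetlogonEventMeaning = @{
    5827 = 'DENIED  machine account, vulnerable connection'
    5828 = 'DENIED  trust account, vulnerable connection'
    5829 = 'LOGGED  vulnerable connection allowed (before enforcement)'
    5830 = 'ALLOWED machine account, by explicit exception'
    5831 = 'ALLOWED trust account, by explicit exception'
}

function Get-NetlogonNonCompliantDevice {
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    begin { $devices = @{} }
    process {
        $id = [int]$Record.Id
        if (-not $NetlogonEventMeaning.ContainsKey($id)) { return }
        # Assumption: the account name follows one of these labels in the event text.
        $name = '(unparsed)'
        if ($Record.Message -match '(?:SamAccountName|Trust Name):\s*(\S+)') { $name = $Matches[1] }
        $key = "$name|$id"
        if (-not $devices.ContainsKey($key)) {
            $devices[$key] = [pscustomobject]@{
                Device = $name; EventId = $id; Status = $NetlogonEventMeaning[$id]; Hits = 0
                LastSeen = $Record.TimeCreated
            }
        }
        $devices[$key].Hits++
        if ($Record.TimeCreated -gt $devices[$key].LastSeen) { $devices[$key].LastSeen = $Record.TimeCreated }
    }
    end { $devices.Values | Sort-Object EventId, Device }
}

# Constructed sample records (not real log data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2021-01-20T08:00:00'; Message = 'Machine SamAccountName: NAS01$' }
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2021-01-21T08:05:00'; Message = 'Machine SamAccountName: NAS01$' }
    [pscustomobject]@{ Id = 5827; TimeCreated = [datetime]'2021-02-10T09:30:00'; Message = 'Machine SamAccountName: NAS01$' }
    [pscustomobject]@{ Id = 5830; TimeCreated = [datetime]'2021-02-10T10:00:00'; Message = 'Machine SamAccountName: PRINTSRV$' }
)
$sample | Get-NetlogonNonCompliantDevice | Format-Table -AutoSize

# On a domain controller, feed it the real events instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 } | Get-NetlogonNonCompliantDevice
```

A device that shows up under 5829 before the update and 5827 after it is one that will need either a fix or an explicit exception.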