Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
January 15th, 2021
No comments
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the …
Categories: Active Directory, EOP, Patch, Standard), vulnerability, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 all editions, Windows Server version 1809 (Datacenter, Windows Server version 1903 all editions, Windows Server version 1909 all editions MSRC