Visuality NQ Meets RPC Security Feature Update of Microsoft for Secure Netlogon Channels and RPC Calls
Microsoft has recently come out with an update to protect against a new vulnerability (Netlogon vulnerability CVE-2020-1472)[1] related to its remote protocol, MS-NRPC. According to a note that shares all the details, all domain controllers should use secure RPC with the Netlogon channel. Visuality’s NQ products are built to meet this requirement with end-to-end encryption and secure RPC.
An attacker can use the MS-NRPC to create a vulnerable Netlogon secure channel connection with a domain controller. This is called an elevation of privilege vulnerability[2]. The attacker can then run special applications via a device on the vulnerable network as they can receive domain admin access.
Versions of SMB: Understanding SMB v1, SMB v2, and SMB v3
Remote procedure calls allow users to call procedures of other programs located at remote servers. Such a call requires the distributed application to create a binding between the client and the server. To accomplish this, the server requires a security provider and an authentication mechanism. The client then receives a binding on the server and can make remote procedure calls. [3]
Microsoft’s update
The security update has been structured into two parts and is meant to modify the way Netlogon manages its secure channels. After the first update release on August 11, 2020, the enforcement phase will be rolled out on February 9, 2021.
In the second phase, the domain controllers will be in enforcement mode, and all devices, whether Window or non-Windows, will be required to either use secure RPC with Netlogon secure channels, or allow exceptions by adding an account explicitly in case of a non-compliant device. The complete guidelines are available online.
MS-NRPC is an RPC interface used by domain connected devices. It offers an authentication method and a secure Netlogon channel. The updates are meant to enforce secure RPC usage with these channels between the Active Directory domain controllers and member computers. The AD forest protection requires all domain controllers to be updated.[4]
The update advises secure RPC for all Windows and non-Windows domain controllers, and all third-party clients or servers must use it with the Netlogon secure channel.
Visuality NQ and Secure RPC
The RPC security vulnerability does not exist in Visuality products and does not affect their functioning.
YNQ™ from Visuality will offer secure RPC connections with an update planned from the next version in Q1 2021. A new feature, called “naked RPC”, is also under progress for the next major version release, which will offer secure RPC permanently to all devices for RPC communication.
Lilia Wasserman, VP R&D, Visuality Systems
[1] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472
[2] https://support.microsoft.com/en-in/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
[3] https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-security-essentials
[4] https://support.microsoft.com/en-in/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc