News

Attention to changes related to Microsoft Update for Netlogon Vulnerabilities(CVE-2020-1472)


Thank you for using NTT Communications Enterprise Cloud.

Please be informed that Microsoft has announced an update to address the Netlogon vulnerability CVE-2020-1472 section, which may affect your access to domain controllers via NTLM authentication as well as your access to ECL1.0 CIFS service.
We recommend the customers using NTLM authentication to check the latest vulnerability CVE-2020-1472 information and take appropriate action needed. There is no impact for the customers who use Kerberos authentication.

Vulnerability information

Please refer to the following pages for details.

https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e

Affected Menu

Premium Storage / File server service (CIFS)
Standard Storage / Archive storage (CIFS)

Countermeasure

Please take either of the following actions to avoid any impacts from this Microsoft update.
– Use Kerberos authentication on your domain controllers to access ECL1.0 CIFS service
– Add NTT Communications’ filer server machine account to the group policy “Domain controller: Allow vulnerable Netlogon secure channel connections” on your domain controllers

 

Thank you.