# CVE-2020-1472

> An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by 

- **CVSS:** 5.5 (MEDIUM)
- **EPSS:** 94.4%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** NVD-CWE-noinfo

Canonical: https://intel.threadlinqs.com/cve/CVE-2020-1472
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp