Last Modified: May 07, 2021
Opened: Nov 19, 2020
BIG-IP uses the nlad process to establish the communication channels to the Domain Controller for NTLM authentication, using the Netlogon RPC standard. Microsoft patch for CVE-2020-1472 addresses a vulnerability in the Netlogon RPC which is rolled out in two phases. Please refer below external references published by Microsoft on this CVE. 1) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472 2) https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
BIG-IP NTLM front end authentication uses secure Netlogon RPC to communicate with Domain Controller, by default. So BIG-IP should not be impacted when the MS patch for CVE-2020-1472 is enforced.
BIG-IP is configured for NTLM Front end authentication
Not affected so no workaround or mitigation required.