Bug ID 965713: Impact of Microsoft Patch for CVE-2020-1472 on BIG-IP NTLM Front End Authentication

Last Modified: May 07, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Opened: Nov 19, 2020
Severity: 4-Minor

Symptoms

BIG-IP uses the nlad process to establish the communication channels to the Domain Controller for NTLM authentication, using the Netlogon RPC standard. Microsoft patch for CVE-2020-1472 addresses a vulnerability in the Netlogon RPC which is rolled out in two phases. Please refer below external references published by Microsoft on this CVE. 1) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472 2) https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

Impact

BIG-IP NTLM front end authentication uses secure Netlogon RPC to communicate with Domain Controller, by default. So BIG-IP should not be impacted when the MS patch for CVE-2020-1472 is enforced.

Conditions

BIG-IP is configured for NTLM Front end authentication

Workaround

Not affected so no workaround or mitigation required.

Fix Information

None

Behavior Change