What is the CVSS score of CVE-2020-1472?

CVE-2020-1472 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 94.4%.

Which versions of Windows are affected by CVE-2020-1472?

CVE-2020-1472 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. This vulnerability is actively exploited in the wild (KEV-listed).. A patch is available.

Is there a public PoC exploit available for CVE-2020-1472?

Yes, a public proof-of-concept exploit is available for CVE-2020-1472. Prioritise patching immediately. EPSS: 94.4%.

How to fix or mitigate CVE-2020-1472?

Within 24 hours: Identify affected systems and apply vendor patches immediately. Vendor patch is available.

Windows CVE-2020-1472

MEDIUM

2020-08-17 secure@microsoft.com

Windows

5.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

Added to CISA KEV

Feb 23, 2026 - 20:30 cisa

CISA KEV

EUVD Exploitation Confirmed

Feb 23, 2026 - 20:30 euvd

EUVD KEV

PoC Detected

Feb 23, 2026 - 20:30 vuln.today

Public exploit code

Patch released

Feb 23, 2026 - 20:30 nvd

Patch available

CVE Published

Aug 17, 2020 - 19:15 nvd

MEDIUM 5.5

DescriptionCVE.org

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

AnalysisAI

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.

Technical ContextAI

Vulnerability type: privilege escalation.

Affected ProductsAI

Unspecified product

RemediationAI

Apply the vendor-supplied patch immediately. This is CISA KEV-listed — federal agencies must remediate per BOD 22-01 deadlines. Given the high exploitation probability, prioritize remediation over other vulnerabilities.