How to fix CVE-2020-1472?

Within 24 hours: Identify affected systems and apply vendor patches immediately. Vendor patch is available.

Is Windows affected by CVE-2020-1472?

CVE-2020-1472 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. This vulnerability is actively exploited in the wild (KEV-listed). A patch is available and should be applied during regular vulnerability management.

CVE-2020-1472

MEDIUM

2020-08-17 [email protected]

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

Added to CISA KEV

Feb 23, 2026 - 20:30 cisa

CISA KEV

EUVD Exploitation Confirmed

Feb 23, 2026 - 20:30 euvd

EUVD KEV

PoC Detected

Feb 23, 2026 - 20:30 vuln.today

Public exploit code

Patch Released

Feb 23, 2026 - 20:30 nvd

Patch available

CVE Published

Aug 17, 2020 - 19:15 nvd

MEDIUM 5.5

Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Analysis

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation probability, public PoC available. Vendor patch is available.

Technical Context

Vulnerability type: privilege escalation.

Affected Products

['Unspecified product']

Remediation

Apply the vendor-supplied patch immediately. This is CISA KEV-listed — federal agencies must remediate per BOD 22-01 deadlines. Given the high exploitation probability, prioritize remediation over other vulnerabilities.

Priority Score

202

Low Medium High Critical

KEV: +50

EPSS: +94.4

CVSS: +28

POC: +20

CVE-2020-1472 vulnerability details – vuln.today

Back

CVE-2020-1472

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-1472

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code