Microsoft has released an update to resolve a vulnerability with the NetLogon service in Windows Domains. The vulnerability is being handled via a two-step approach.
The update released in September for Windows Servers adds functionality to prevent devices with an insecure netlogon channel to be prevented from logging into a domain. This functionality is being installed, but not being enabled by Microsoft at this point. In February of 2021 Microsoft will release a second update which will enable this feature, preventing devices with Windows 7, Windows 8 and Windows 8.1 from connecting to a domain.
Centrality is recommending the following action to address this security concern and resulting situation and ensure no loss of functionality occurs:
- Upgrade any of the affected operating systems to Windows 10 Pro, or replace with a new Windows 10 Pro device in advance of this February timeline.
- For those that have Windows 10 Pro devices, we recommend that this functionality is activated to harden security on your networks prior to the February update.
- Contact us to schedule a time to discuss this with Centrality’s MSP team to ensure this is properly planned and completed.