Microsoft published information regarding a vulnerability related to Netlogon and elevation of privilege, which is covered by CVE-2020-1472.

The patches highlighted are the standard monthly patches (monthly rollups, security-only bundles, cumulative updates, etc.), but according to the FAQ section of the CVE page, there are additional steps required to protect from the vulnerability.

The impact of this patch is that shares can not be accessed from their IP, only with hostname with some limitations.


Step 1: Check DNS record

  • From Windows go to DNS Manager and check the "Forward Lookup Zones" for your domain.If you have an entry with the hostname assigned to the IP it is fine, if its not assigned, you have to generate a new entry.

Step 2: Modify Local Group Policy

  • Invoke gpedit.msc

  • Go to Computer Management > Windows Settings > Security Settings > Local Policies >  Security Options

  • Find "Domain Controller: Allow vulnerable Netlogon secure channel connections".

  • Right click and choose Properties.

  • From Properties, Edit Security and click Add

  • Modify Object Types by leaving selection only for Computers

  • To conclude, insert for you hostname, Check Names and press OK

This procedure should be applied for every Syneto machine where SMB shares are stored.
Also this procedure can be applied for versions 2012, 2016 and 2019 of Windows Server.