→ Applies to: SynetoOS 4.x

Microsoft has published information about a Netlogon and elevation of privilege vulnerability, covered by CVE-2020-1472.

The highlighted patches are the standard monthly patches (monthly rollups, security-only bundles, cumulative updates, etc.), but according to the FAQ section of the CVE page, additional steps are needed to protect against the vulnerability.

The impact of this patch is that shares are not accessible by their IP, only by hostname with some limitations.


 

Step 1. Connect to the Windows VM

Step 2. Open DNS Manager

Step 3. Click on Forward Lookup Zones

IMPORTANT
If in "Forward Lookup Zones" there is no entry with the hostname assigned to SynetoOS, you need to add a new entry.

Step 4. Run gpedit.msc and click ok

Step 5. Expand Computer Configuration > Windows Settings > Security Settings > Local Policies >  Security Options

Step 6. Right click and choose Properties on “Domain controller: Allow vulnerable Netlogon secure channel connections”

Step 7. Click on Edit Security and Add

Step 8. Click on Object Types

Step 9. Select Computers only and press OK

Step 10. Enter the SynetoOS hostname, click on Check Names and press OK