The Netlogon Remote Protocol remote procedure call (RPC) interface is primarily used to maintain the relationship between a device and its domain , and relationships among domain controllers (DCs) and domains. This update protects Windows devices from CVE-2022-38023 by default.

When the issue occurs, the Lsass.exe process CPU usage is low (even lower than usual). Around the same time (but up to a 4-hour offset), you may receive Netlogon warning event 5807.

Fixes a problem that generates NetLogon 3210 events. Occurs after the Managed Service Account (MSA) renews its password in Windows 7 SP1 and Windows Server 2008 R2 SP1.

To resolve the issue, use one or more of the following methods: Install the following hotfix, and then follow the steps that are described in the "Registry information" section.

Fixes an issue in which NetLogon 3210 events are generated after the MSA renews its password in Windows Server 2012 R2.

You set a specific static port to be used for NT Directory Service (NTDS) and Netlogon on a domain controller. To do this, you follow the method that is described in following Microsoft Knowledge Base (KB) article:

Les mises à jour Windows du 8 novembre 2022 et ultérieures résolvent les faiblesses du protocole Netlogon lorsque la signature des appels de procédure distante (RPC) est utilisée au lieu du scellement RPC. Pour plus d’informations, consultez CVE-2022-38023.

Las actualizaciones de Windows del 8 de noviembre de 2022 y posteriores solucionan los puntos débiles del protocolo Netlogon cuando se utiliza la firma RPC en lugar del sellado RPC. Puede encontrar más información en CVE-2022-38023 .

To do this, open Event Viewer by selecting Start, type event viewer and select it. Once Event Viewer opens, expand Windows Logs, right click or long press on System and select Save All Events As... and save the file somewhere to allow processing of the file. The script can process more than one EVTX file at a time if you would like.

This security update resolves a vulnerability in Windows that could allow elevation of privilege if an attacker who has access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).