The Netlogon Remote Protocol remote procedure call (RPC) interface is primarily used to maintain the relationship between a device and its domain , and relationships among domain controllers (DCs) and domains. This update protects Windows devices from CVE-2022-38023 by default.

A vulnerable connection is a Netlogon secure channel connection that does not use secure RPC. Learn how to update DCs, and address vulnerable connections and non-compliant devices, to protect against the Netlogon vulnerability CVE-2020-1472.

Fixes an issue in which the Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer.

The script available in this article is a companion to the information in How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472. It is provided as-is.

Describes an issue that prevents the Netlogon service on domain controllers from starting automatically after you upgrade to Windows Server 2016 or Windows Server 2019. Provides a resolution.

Take Action. To help protect your environment and prevent outages, we recommend that you do the following steps: UPDATE your Windows domain controllers with a Windows update released on or after November 8, 2022. MOVE your Windows domain controllers to Audit mode by using the Registry Key setting section.

By default in Windows 8, Windows 7, Windows Vista, and Windows XP, the Fast Logon Optimization feature is set for domain and workgroup members. Policy settings apply asynchronously when the computer starts and when the user signs in.

Resolves a vulnerability in Windows that could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).

Resolves a vulnerability in Windows that could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

A Kerberos source event is logged in the System log of application servers. This event indicates that Kerberos PAC validation is failing. The event resembles the following: Text in Netlogon service debug logs (Netlogon.log) matches the text "NlpUserValidateHigher: Can't allocate Client API slot."