(Updated) Security hardening for Microsoft RPC Netlogon protocol
MC1113050
Category: planForChange
Severity: normal
Major change: False
Last modified: 2025-08-14 04:22:22
Summary source: Azure OpenAI (gpt-4.1)
Action by (Graph): (none)
Action by (AI): (none)
Services: Windows
Tags: Admin impact
Master tags: Admin, Security
Roadmap IDs: (none)

One-line summary

Netlogon RPC protocol hardening blocks anonymous requests by default on Windows Server (May/July 2025 updates); admins must review dependencies and update affected services like Samba.

Details

Body (from Message Center)

(Update: This post was updated to clarify that the change was Enabled by Default on Windows Server 2025 in May 2025 and to add information about how to configure this change.) 

Microsoft has introduced a hardening change to strengthen the Microsoft RPC Netlogon protocol by blocking RPC anonymous requests used to locate domain controllers. This change was Enabled by Default in the May 2025 Windows security update for Windows Server 2025, and in the July 2025 Windows security update for all supported versions from Windows Server 2008 SP2 through Windows Server 2022. This change is configurable by policy after installing the August 2025 Windows security update. See the article, KB5066014—Netlogon RPC Hardening (CVE-2025-49716), for details. 
 
After applying these updates and subsequent updates, Active Directory domain controllers will reject certain anonymous RPC requests. This may affect interoperability with services like Samba unless they are updated to meet the new access requirements.
 
To prepare for this update, review your environment for any dependencies on anonymous Netlogon RPC requests. If your organization uses Samba, refer to the Samba release notes for guidance on compatibility. It is also recommended to test the update in a staging environment to identify and address any potential disruptions before full deployment.
 
For more information, see the May or July KB update article that matches your server version’s security update.
