MC1113050: Security hardening for Microsoft RPC Netlogon protocol

🚨
Major Update: This post contains a significant change that may impact your organisation.

As part of our ongoing commitment to security, we’re introducing a hardening change to the Microsoft RPC Netlogon protocol. This update strengthens access controls by blocking anonymous RPC requests that could previously be used to locate domain controllers. This change is not configurable and cannot be reverted via policy.

When this will happen

  • This change was introduced in the July 2025 Windows security update for all supported versions of Windows Server from Windows Server 2008 R2 through Windows Server 2022.
  • For Windows Server 2025, the change was included in the February 2025 Windows security update and subsequent updates.

How this affects your organization

After installing the applicable Windows security update, Active Directory domain controllers will reject certain anonymous RPC requests made through the Netlogon RPC server. These requests are typically used for domain controller location and may impact interoperability with some third-party file and print services, including Samba. If your organization uses Samba or similar services, you may experience disruptions unless those services are updated to comply with the new access requirements.

What you can do to prepare

  • Review your environment for dependencies on anonymous Netlogon RPC requests.
  • If your organization uses Samba, please refer to the Samba release notes for guidance on compatibility.
  • Test the update in a staging environment before broad deployment to identify any potential service disruptions.

Additional information

This change has been documented in the KB articles associated with the updates introducing the new security hardening: