Microsoft Publishes Guide to Securing Systems Vulnerable to Zerologon Attacks


Addressed on August 2020 Patch Tuesday, the Zerologon flaw was identified in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and can be abused by remote attackers to compromise Active Directory domain controllers and gain administrator access.

To exploit the flaw, which is tracked as CVE-2020-1472, an unauthenticated attacker would need to run a specially crafted application on a device on the network.

On September 18, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive requiring all federal agencies to apply the available patches within three days. Samba also issued patches for the bug.