Concerns over a critical vulnerability that Microsoft disclosed in its Windows Netlogon Remote Protocol (MS-NRPC) in August were considerably heightened this week following reports of attackers actively targeting the flaw.
On Thursday, Microsoft via a series of tweets that urged organizations to immediately apply a patch it had issued for the bug (CVE-2020-1472) — which many have begun referring to as the Zerologon vulnerability.
“We have observed attacks where public exploits have been incorporated into attacker playbooks,” the company warned. “We strongly recommend customers to immediately apply security updates for CVE-2020-1472.”
The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) heightened the sense of urgency with its own