Zerologon is the name given to a security vulnerability found in Microsoft Windows domain controllers by Secura. It is an unauthenticated privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). An attacker can leverage this flaw to gain administrative access to a Windows domain.
This vulnerability was assigned CVE-2020-1472 and rated critical. Microsoft patched it in August, and it has been making the news lately as proof-of-concept exploits have started to appear in the wild. In this post, I will discuss in more detail what this vulnerability is and how you can defend against it.