ZEROLOGON CVE 2020- 1472

The vulnerability, dubbed as “Zerologon,” is a critical severity, privilege-escalation vulnerability (CVE-2020-1472) assigned a CVSS score of 10 out of 10. The flaw was addressed in Microsoft’s August 2020 security updates.


  • As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as 'CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability' also known as Zerologon.

  • In order to mitigate this flaw, it is highly recommended to install Microsoft’s August 2020 security patches on all Active Directory domain controllers.

  • Unpatched DC (Domain Controllers) will allow attackers to compromise it and give themselves domain admin privileges.

  • The only thing an attacker needs is the ability to set up TCP connections with a vulnerable DC; i.e. they need to have a foothold on the network, but don’t require any domain credentials to compromise the DC.

  • The patch that addresses Zerologon also implements some additional defense-in-depth measures that forces domain-joined machines to use previously optional security features of the Netlogon protocol.

  • As confirmed by Microsoft, an update in February 2021 will further tighten these restrictions, which may break some third-party devices or software.

  • Installing the August 2020 patch on all domain controllers (also back-up and read-only ones) is sufficient to block the high-impact of exploits detailed herein.