Microsoft now forces secure RPC to block Windows Zerologon attacks

From bleepingcomputer.com

Microsoft now forces secure RPC to block Windows Zerologon attacks

Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month’s Patch Tuesday security updates.

Zerologon is a critical Netlogon Windows Server process security flaw (tracked as CVE-2020-1472) that allows attackers to elevate privileges to domain administrators and take control over the domain following successful exploitation.

The patch released during the August 2020 Patch Tuesday rolled out in two phases and it forces secure Remote Procedure Call (RPC) communication for machine accounts on Windows devices, trust accounts, as well as all Windows and non-Windows Domain Controllers.

Read more…