Microsoft Response to Zerologon flaw
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020 and now
To learn more about the vulnerability, see CVE-2020-1472.
To protect your environment and prevent outages, you must do the following:
UPDATE your Domain Controllers with an update released August 11, 2020 or later.
FIND which devices are making vulnerable connections by monitoring event logs.
ADDRESS non-compliant devices making vulnerable connections.
ENABLE enforcement mode to address CVE-2020-1472 in your environment.
Starting February 2021, enforcement mode will be enabled on all Windows Domain Controllers and will block vulnerable connections from non-compliant devices. At that time, you will not be able to disable enforcement mode. Considering the severity of the vulnerability, it is advised that all Domain Controllers be updated with the latest security patch as soon as possible.
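For the FIND step above, one way to summarize which devices a Domain Controller has logged making vulnerable Netlogon connections. This is an added PowerShell example, not code from the original page or from Microsoft. It assumes the NETLOGON events 5827 to 5831 that Microsoft documents for this update are written to the System log; the parameter names and the 30-day window are illustrative.

```powershell
# Added example (not Microsoft's script). Parameter names and the default
# look-back window are illustrative assumptions.
param(
    [string[]]$DomainController = @($env:COMPUTERNAME),
    [int]$Days = 30
)

# Netlogon event IDs logged by DCs updated for CVE-2020-1472.
$meaning = @{
    5827 = 'Denied: machine account'
    5828 = 'Denied: trust account'
    5829 = 'Allowed: vulnerable connection, enforcement not yet on'
    5830 = 'Allowed by Group Policy: machine account'
    5831 = 'Allowed by Group Policy: trust account'
}
$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5827, 5828, 5829, 5830, 5831
    StartTime    = (Get-Date).AddDays(-$Days)
}

$rows = foreach ($dc in $DomainController) {
    try {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent reports "no matching events" as an error; that is the clean case.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${dc}: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($e in $events) {
        [pscustomobject]@{
            DomainController = $dc
            Id               = $e.Id
            Meaning          = $meaning[$e.Id]
            # Event payload (account, domain, OS fields) kept as logged, not reinterpreted.
            Details          = ($e.Properties | ForEach-Object { $_.Value }) -join ' | '
            TimeCreated      = $e.TimeCreated
        }
    }
}

# One row per distinct DC / event ID / payload, most frequent first.
$rows | Group-Object DomainController, Id, Details | ForEach-Object {
    $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        DomainController = $latest.DomainController
        EventId          = $latest.Id
        Meaning          = $latest.Meaning
        Count            = $_.Count
        LastSeen         = $latest.TimeCreated
        Details          = $latest.Details
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize -Wrap
```

Rows with event 5829 are the devices to handle in the ADDRESS step, since those connections are the ones enforcement mode will block.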
To learn more about how to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472, please visit the link below:
How to manage the changes in Netlogon secure channel