As part of February 2021 Patch Tuesday release, Microsoft released the final patch for Zerologon to enable a security setting by default to protect vulnerable systems.
CVE-2020-1472, also known as “Zerologon,” is a critical elevation of privilege vulnerability in Microsoft’s Netlogon Remote Protocol. It was initially patched in Microsoft’s August 2020 Patch Tuesday. The vulnerability received a CVSSv3 score of 10.0, the maximum possible score, and a Vulnerability Priority Rating (VPR) score of 10, underscoring its severity.
The first phase addressed the underlying vulnerability on two fronts. Firstly, patched DCs will block both Windows-based domain members and non-Windows DCs that are configured to explicitly disable signing/encryption. Secondly, the patch also changes the Netlogon protocol for clients unable to use the required signing/encryption.
With this final patch, it modifies the Netlogon Parameters registry key and enable Enforcement mode by setting the FullSecureChannelProtection data value to 1.
Additional links: