System administrators believe that unless the software update is specifically to fix security vulnerabilities, then do not install immediately after the update. This is especially true in the case of windows update. However, it is recommended that users install the cumulative update released on Tuesday in the August patch as soon as possible, as it fixes a serious zerologon security vulnerability. < / P > < p > in the August Patch Tuesday, Microsoft fixed a security vulnerability No. cve-2020-1472, which may be one of the most serious vulnerabilities in history. The attacker can take over windows servers running as domain controllers in the enterprise network by using this vulnerability, and can become domain admin with one click. < / P > < p > although the CVss score of the vulnerability is 10, the details have never been disclosed, which means that users and it administrators never realize how serious the vulnerability is. < p > < p > Netlogon is an important functional component of windows, which is used for authentication of users and machines on the intra domain network, as well as replication of database for domain control backup. At the same time, it is also used to maintain the relationship between domain members and domains, between domains and domain controllers, and between domain DC and cross domain DC. < / P > < p > by spoofing the authentication token used for a specific Netlogon function, he can call a function to set the computer password of the domain controller to a known value. The attacker can then use this new password to control the domain controller and steal the credentials of the domain administrator. Global Tech