After the zerologon vulnerability began to spread wildly, the U.S. Department of Homeland Security ordered government network administrators to immediately patch Windows Server 2008 and above (including windows 10 server). Now, Microsoft has joined the call, saying: “Microsoft is actively tracking the activity of cve-2020-1472 Netlogon EOP vulnerability (also known as zerologon), and we have observed that hackers have launched attacks using this vulnerability.”. < / P > < p > the vulnerability number is cve-2020-1472, which exists in the active directory core authentication component Netlogon remote protocol (ms-nrpc) of windows server, which allows unauthorized attackers to log in to the domain controller by sending a fake Netlogon verification command when establishing a TCP connection with the domain controller, thus fully controlling the identity services in all ad domains. < / P > < p > in the August Patch Tuesday, Microsoft fixed this vulnerability. Although the CVss score of the vulnerability is 10, the details have never been disclosed, which means that users and it administrators never realize how serious the vulnerability is. < / P > < p > CISA has issued emergency directive 20-04, instructing federal civil administration agencies to apply Microsoft Windows Server Security Update August 2020 (cve-2020-1472) to all domain controllers. CISA has instructed government servers to patch by September 21 (Monday), and strongly urges their partners in state and local governments, the private sector and the U.S. public to apply the security update as soon as possible. Global Tech