Microsoft warns IT and security admins that its February 9 security update will enable Domain Controller (DC) enforcement mode by default to address the critical remote code execution vulnerability in the Netlogon protocol.
According to a Microsoft Security Response Center blog post, this move will block vulnerable connections from non-compliant devices.
The vulnerability, tracked as CVE-2020-1472, is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could allow a hacker to use MS-NRPC to connect to a domain controller and gain full admin access.
Microsoft advises businesses to update Domain Controllers with the security update released August 11, 2020, monitor event logs to find devices making vulnerable connections, address any non-compliant devices making vulnerable connections, and enable DC enforcement mode.
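The event-log monitoring step can be scripted. The following is an added example, not code from Microsoft or from this article: it triages Netlogon events by account so that devices still making vulnerable connections are listed first. The event IDs 5827 to 5831 come from Microsoft's guidance for this update rather than from the text above, the function name and sample records are constructed, and the `Machine SamAccountName:` message field is an assumption about the event message layout.

```powershell
# Netlogon event IDs written to a DC's System log once the August 11, 2020 update is installed.
$NetlogonEvents = @{
    5827 = 'denied (machine account)'
    5828 = 'denied (trust account)'
    5829 = 'allowed but vulnerable'
    5830 = 'allowed by policy exception (machine account)'
    5831 = 'allowed by policy exception (trust account)'
}

function Get-NetlogonTriage {
    # Hypothetical helper: groups Netlogon events by account and event ID.
    param([Parameter(Mandatory)] [object[]] $Records)
    $Records |
        Where-Object { $NetlogonEvents.ContainsKey([int]$_.Id) } |
        ForEach-Object {
            # Assumption: the account name follows "Machine SamAccountName:" in the message.
            $account = if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') { $Matches[1] } else { '(unparsed)' }
            [pscustomobject]@{ Account = $account; Id = [int]$_.Id }
        } |
        Group-Object Account, Id |
        ForEach-Object {
            $id = $_.Group[0].Id
            [pscustomobject]@{
                Account              = $_.Group[0].Account
                EventId              = $id
                Count                = $_.Count
                Status               = $NetlogonEvents[$id]
                # 5829 connections succeed today and are blocked once enforcement mode is on.
                FixBeforeEnforcement = ($id -eq 5829)
            }
        } |
        Sort-Object @{ Expression = 'FixBeforeEnforcement'; Descending = $true }, 'Account'
}

# Constructed sample records (not real log data), shaped like Get-WinEvent output.
$sample = @(
    [pscustomobject]@{ Id = 5829; Message = 'Machine SamAccountName: PRINTSRV01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5829; Message = 'Machine SamAccountName: PRINTSRV01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5827; Message = 'Machine SamAccountName: OLDNAS02$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5830; Message = 'Machine SamAccountName: LEGACYAPP$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 7036; Message = 'Unrelated service control event' }
)
Get-NetlogonTriage -Records $sample | Format-Table -AutoSize

# On a domain controller, pass live events instead of the sample:
# Get-NetlogonTriage -Records (Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 })
```

Accounts flagged `FixBeforeEnforcement` are the ones to update or replace before turning on DC enforcement mode; accounts with 5830 or 5831 events are connecting under an explicit exception and should be reviewed separately.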