Microsoft Completes Two-Phase Rollout for Zerologon (CVE-2020-1472)

On February 9, as part of Microsoft’s February 2021 Patch Tuesday release, an update was made to address CVE-2020-1472, a critical elevation of privilege vulnerability in Windows Netlogon. The vulnerability, dubbed “Zerologon” by researchers at Secura, was originally patched as part of Microsoft’s August 2020 Patch Tuesday release. At the time, Microsoft noted that addressing Zerologon would be conducted in a phased two-part rollout. The initial patch in August was the first phase, and they planned to release the second phase this month.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.