Unbeknownst to many, Microsoft patched last month in August one of the most severe bugs ever reported to the company, an issue that could be abused to easily take over Windows Servers running as domain controllers in enterprise networks.
The bug was patched in the August 2020 Patch Tuesday under the identifier of CVE-2020-1472. It was described as an elevation of privilege in Netlogon, the protocol that authenticates users against domain controllers.
The vulnerability received the maximum severity rating of 10, but details were never made public, meaning users and IT administrators never knew how dangerous the issue really was.
Take over a domain controller with a bunch of zeros
But in a blog post today, the team at Secura B.V., a Dutch security firm, has finally lifted the veil over this mysterious bug and published a technical report describing CVE-2020-1472 in greater depth.
And per the