Microsoft will be allowed by default to all Domain Controller to be in “Enforcement mode” in order to manage the CVE-2020-1472 which it will be implemented starting Feb 9 2021.

Lately, Zerologon Vulnerabilities have gotten more serious within this past few months since a group of Advanced Persistent Threat(APT) such as China-backed APT Cicada and MERCURY APT group have disclosed the flaw to the public.

Microsoft’s August 2020 security updates have point out that The ZeroLogon have been rated as a critical-severity CVSS by the scoring of 10 from 10. As a result, a new implementation such as ‘Enforcement Mode’ can be recommendation that organisation use in order to block any group of attacker to gain access to the domain controllers via network.

Ivan Righi, cyber threat intelligence analyst at Digital Shadows have talk to Threatpost that

Reported attacks began occurring within just two weeks of the vulnerability being disclosed,

Righi continued

APT10 (aka Cicada, Stone Panda, and Cloud Hoppe) was also observed leveraging Zerologon to target Japanese companies in November 2020.

Reference: Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’