Microsoft has addressed companies that have not yet patched their systems against the critical Zerologon flaw, a vulnerability in the cryptography of Microsoft's Netlogon process. The flaw allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.
Beginning with the February 9, 2021 Security Update release, Microsoft will be enabling Domain Controller enforcement mode by default, blocking vulnerable connections from non-compliant devices. The Domain Controller enforcement mode requires that all Windows and non-Windows devices use secure RPC (an authentication method that authenticates both the host and the user who is making a request for a service) with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device, said Aanchal Gupta, VP Engineering, MSRC.