Zerologon’ (CVE-2020-1472) vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions. Remote attackers can establish a connection to the targeted domain controller over NetLogon Remote Protocol. U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing federal agencies to patch Zerologon flaws on Windows Servers immediately. The issue was first disclosed to the public when Microsoft released a patch for it in August.
Source: https://thehackernews.com/2020/09/detecting-and-preventing-critical.html