Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol. Microsoft is currently handling the mitigation of this vulnerability in a phased, two-part rollout. To protect against this vulnerability, Microsoft recommends entirely blocking connections that are not signed or sealed. Microsoft outlined its plan in an advisory, saying, "For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout"
Source: https://blog.talosintelligence.com/2020/09/netlogon-rises.html