Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks. Exploiting the bug allows an unauthenticated attacker, with network access to a domain controller, to completely compromise Active Directory identity services. Microsoft released a patch for the Zerologon vulnerability as part of its August 11, 2020 Patch Tuesday security updates. The bug is located in a core authentication component of Active Directory within the Windows Server OS and the Microsoft Windows Netlogon Remote Protocol (MS-NRPC)
Source: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/