Microsoft recently released a patch (CVE-2020-1472) to fix a software issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) An unauthenticated attacker with network access to a domain controller could exploit this vulnerability. An attacker does not need credentials to gain privileges on the network, only access to the domain. The US Cybersecurity and Infrastructure Security Agency (CISA) warns that exploit code for this vulnerability has been released to the web, and Microsoft reports that it has already observed attacks where those public exploits have been used.”]