Microsoft's Security Intelligence team says it's monitoring new attacks that employ public exploits of the recently patched CVE-2020-1472 Netlogon EoP vulnerability, aka Zerologon.
In a series of tweets last night, Microsoft advised organizations to "immediately" patch the flaw. The company said it will keep tracking the threats and update its threat analytics report as it learns more.
"Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks," the company posted on its @MsftSecIntel Twitter account.
Read and follow the latest from Microsoft on the attacks here.