Zerologon (CVE-2020-1472) exploits a crypto flaw in Windows Netlogon to achieve domain admin in seconds. CVSS 10.0. Enables complete Active Directory compromise.

CVE-2020-1472: Zerologon

CRITICAL

10CRITICAL

Published: 2020-08-11Affected: Windows Server 2008-2019CWE-330 ↗

What is Zerologon?

A critical privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). By exploiting a cryptographic flaw in the AES-CFB8 implementation, attackers can establish a Netlogon session with a domain controller using an all-zero computer credential.

Impact & Exploitation

Enables domain admin compromise in seconds. CVSS 10.0. Exploited by Iranian and Chinese APTs. Full Active Directory takeover from any network position.

How Precogs AI Detects Zerologon

Precogs AI detects weak cryptographic implementations in compiled Windows networking components, identifying Netlogon-style AES-CFB8 flaws in authentication protocols.

Scan for CVE-2020-1472

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2020-1472: Zerologon

What is Zerologon?

Impact & Exploitation

How Precogs AI Detects Zerologon

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

What is Zerologon?

Impact & Exploitation

How Precogs AI Detects Zerologon

Related Resources

🔍 Related CWE Entries

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?