Outlining the issue, Microsoft’s Threat Intelligence Center tweeted: “MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks. We strongly recommend patching.”
The Windows vulnerability has been seized upon by the MuddyWater cyber-espionage group, which has suspected ties to Iran’s government, according to a post by ITPro.
Hackers who manage to exploit the bug are able to take control of a victim’s Windows domain, allowing them to change passwords and execute harmful commands.
Microsoft has said that it will patch the flaw in two steps.