This move will block vulnerable connections from noncompliant devices, according to a Microsoft Security and Response Center blog post. DC enforcement mode requires both Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with a Netlogon secure channel, unless a business has allowed an account to be exposed by adding an exception for a noncompliant device. CVE-2020-1472 is a privilege escalation flaw in the Windows Netlogon Remote Protocol (MS-NRPC) with a CVSS score of 10. It could enable an unauthenticated attacker to use MS-NRPC to connect to a domain controller and gain full admin access. Since it was fixed in August, the "Zerologon" bug has been seen in active campaigns from Iranian threat group Mercury. The DHS's Cybersecurity and Infrastructure Security Agency (CISA) later issued an emergency directive for the flaw, requiring federal agencies to patch immediately.