Key portion here:
A vulnerability dubbed “Zerologon,” first seen in Microsoft’s August Patch Tuesday security updates, is getting renewed attention due to additional context released by the security organization, Secura. CVE-2020-1472 is a critical CVSS 10 vulnerability that allows a malicious threat actor on a corporate network to impersonate the identity of any network computer trying to authenticate against a domain controller, disable related Netlogon security features, and change password credentials on network domain controllers.
TL;DR - if they’re on your corp network, then they can impersonate another machine to the DC and wreak havoc.