Feds issue emergency order for agencies to patch critical Windows flaw


The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions.

Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday.

An unacceptable risk

The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising the stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks.


Agencies that don’t update must disconnect all domain controllers from networks.
