Security News > 2020 > July > CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug
The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "High potential for compromise of agency information systems."
"CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.
Specifically, the directive requires that by the deadline, all of the aforementioned agencies do the following: "Update all endpoints running Windows Server operating systems; ensure the July 2020 Security Update or registry modification workaround is applied to all Windows Servers running the DNS role; ensure the July 2020 Security Update is applied to all Windows Servers and, if necessary and applicable, the registry change workaround is removed; and ensure technical and/or management controls are in place to ensure newly provisioned or previously disconnected servers are updated before connecting to agency networks."
While there is no evidence of current active exploitation of the vulnerability, the CISA based its warning on "The likelihood of the vulnerability being exploited" as well as "The widespread use of the affected software across the Federal enterprise," and "The grave impact of a successful compromise," according to the directive.
Although Emergency Directive 20-03 applies only to certain Executive Branch departments and agencies, the CISA also strongly recommends that all state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.
News URL
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows Server 2025 released—here are the new features (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)