CISA orders federal agencies to implement Zerologon fix by Monday

2020-09-21 12:19

If you had any doubts about the criticality of the Zerologon vulnerability affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency has issued on Friday an emergency directive instructing federal agencies to "Immediately apply the Windows Server August 2020 security update to all domain controllers" - and to do so by the end of Monday.

"If affected domain controllers cannot be updated, ensure they are removed from the network," CISA advised.

Zerologon's severity stems from the fact that it can be leveraged by an unauthenticated attacker with network access to a domain controller to impersonate any domain-joined computer, including a domain controller.

"CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency noted in the emergency directive.

"This determination is based on the following: the availability of the exploit code in the wild increasing likelihood of any upatched domain controller being exploited; the widespread presence of the affected domain controllers across the federal enterprise; the high potential for a compromise of agency information systems; the grave impact of a successful compromise; and the continued presence of the vulnerability more than 30 days since the update was released."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/rTV42uelBqQ/

#cisa