Security News > 2020 > September > DHS Issues Dire Patch Warning for ‘Zerologon’
With only hours until the deadline for the directive, issued on Friday, to be executed, what is at stake is a "Vulnerability [that] poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," according to the Cybersecurity and Infrastructure Security Agency.
Microsoft released a patch for the vulnerability as part of its August 11, 2020 Patch Tuesday security updates.
"If affected domain controllers cannot be updated, ensure they are removed from the network," the agency said.
"The availability of the exploit code in the wild increasing likelihood of any upatched domain controller being exploited," the agency said.
The CISA directive orders those agencies, by 11:59 PM EDT, Wednesday, Sept. 23, 2020, to submit a "Completion report" to DHS. "Beginning Oct. 1, 2020, the CISA Director will engage the CIOs and/or Senior Agency Officials for Risk Management of agencies that have not completed required actions, as appropriate and based on a risk-based approach," read the CISA directive signed by Christopher Krebs, Director, Cybersecurity and Infrastructure Security Agency, within the Department of Homeland Security.