Security News > 2020 > September > DHS Orders Federal Agencies to Immediately Patch 'Zerologon' Vulnerability
The Department of Homeland Security on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020.
In its Emergency Directive 20-04, the DHS's Cybersecurity and Infrastructure Security Agency warns all federal agencies that applying Microsoft's patches is the only available mitigation for this critical vulnerability, aside from removing affected domain controllers from the environment.
Agencies are required to apply the Windows Server August 2020 security update to all domain controllers by Monday, September 21, 2020, at 11:59 PM EDT. In addition to installing the August 2020 patches, agencies are also required to ensure that even newly provisioned or previously disconnected domain controller servers have the updates before they are connected to agency networks.
CISA recommends that agencies use their vulnerability scanning tools along with additional means to ensure that the necessary patches have been deployed.
"These requirements apply to Windows Servers with the Active Directory domain controller role in any information system, including an information system used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information," CISA says.
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)