Patch this critical software flaw now, says Homeland Security in emergency warning

The Department of Homeland Security has given system administrators until today to patch a critical vulnerability in the Netlogon authentication system in Windows Server that could allow an attacker to hijack federal networks.
On 18 September, the DHS's cybersecurity division issued an emergency directive giving government agencies a four-day deadline to patch the CVE-2020-1472 vulnerability, also known as Zerologon, citing the "unacceptable risk" it posed to federal networks.
The flaw, in the Microsoft Windows Netlogon Remote Protocol, enables an unauthorized user to assume control of a network simply by sending a series of Netlogon messages with input fields filled with zeros.
In an emergency directive assigned 20-04, DHS CISA said: "CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action."
Under US law, the Secretary of Homeland Security is authorized to "issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system for the purpose of protecting the information system from, or mitigating, an information security threat."