Security News > 2020 > September > Patch this critical software flaw now, says Homeland Security in emergency warning

The Department of Homeland Security has given system administrators until today to patch a critical vulnerability in Windows Server that could allow an attacker to hijack federal networks, via a flaw in the Netlogon authentication system.

On 18 September, the DHS's cybersecurity division issued an emergency directive giving government agencies a four-day deadline to patch the CVE-2020-1472 vulnerability, also known as Zerologon, citing the "Unacceptable risk" it posed federal networks.

The flaw enables an unauthorized user to assume control of a network via a flaw in the Microsoft Windows Netlogon Remote Protocol, by simply sending a series of Netlogon messages with input fields filled with zeros.

"In an emergency directive assigned 20-04, DHS CISA said:"CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action.

Under US law, the Secretary of Homeland Security is authorized to "Issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information systemfor the purpose of protecting the information system from, or mitigating, an information security threat."

News URL

https://www.techrepublic.com/article/windows-server-patch-this-critical-flaw-now-says-homeland-security-in-emergency-warning/#ftag=RSS56d97e7