Security News > 2020 > September > US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch.
The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.
CISA has directed executive agencies to apply the patch by September 21, as well as strongly urging state and local government agencies, the private sector, and members of the public to update as soon as possible.
"We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary," the agency warned.
US government agencies need the firmest possible prod to get it done.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/21/cisa_zerologon_emergency_directive/
Related news
- US news org still struggling to print papers a week after 'cybersecurity event' (source)
- Probe finds US Coast Guard has left maritime cybersecurity adrift (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- US healthcare org pays $11M settlement over alleged cybersecurity lapses (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)