Security News > 2020 > September > US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP
Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch.
The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.
CISA has directed executive agencies to apply the patch by September 21, as well as strongly urging state and local government agencies, the private sector, and members of the public to update as soon as possible.
"We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary," the agency warned.
US government agencies need the firmest possible prod to get it done.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/21/cisa_zerologon_emergency_directive/
Related news
- US govt launches cybersecurity safety label for smart devices (source)
- I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 0.0 |