Security News > 2020 > September > US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch.
The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.
CISA has directed executive agencies to apply the patch by September 21, as well as strongly urging state and local government agencies, the private sector, and members of the public to update as soon as possible.
"We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary," the agency warned.
US government agencies need the firmest possible prod to get it done.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/21/cisa_zerologon_emergency_directive/
Related news
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- New Windows Server emergency updates fix container launch issue (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)