The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency alert requiring all federal agencies to “immediately” patch any Windows servers vulnerable to the so-called Zerologon bug (MITRE CVE-2020-1472) by Monday.
The warning came after the disclosure of a “critical” rated security vulnerability in server versions of Microsoft Windows.
The Zerologon vulnerability is rated a 10, the most severe threat level for systems.
“While agencies are responsible for managing risk to their networks, CISA is responsible for safeguarding and securing the Federal enterprise. We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary.”
“Left unpatched, this vulnerability could allow attackers to compromise network identity services. We have directed agencies to implement the patch across their infrastructure by Monday, September 21, and given instructions for which of their many systems to prioritize,” the CISA alert states.