Homeland Security CISA unit tells federal agencies to fix Zerologon bug


The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency alert requiring all federal agencies to “immediately” patch any Windows servers vulnerable to a so-called Zerologon (MITRE CVE-2020-1472) bug by Monday. 

The warning came after the disclosure of a “critical” rated security vulnerability in server versions of Microsoft Windows.

The Zerologon vulnerability is rated a level 10 threat, the most severe rating for a threat to systems.

“While agencies are responsible for managing risk to their networks, CISA is responsible for safeguarding and securing the Federal enterprise. We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary.” 

“Left unpatched, this vulnerability could allow attackers to compromise network identity services. We have directed agencies to implement the patch across their infrastructure by Monday, September 21, and given instructions for which of their many systems to prioritize,” the CISA alert states.

It’s the third emergency alert sent to Federal agencies and Departments by CISA this year.

Federal agencies and systems at high risk

CISA required federal civilian agencies to install the security patch for Windows Servers immediately. The CISA alert cites “unacceptable risk” posed by the vulnerability to federal networks.

The agency issued an emergency directive, a rarely used legal mechanism through which US government officials can force federal agencies to take various actions for security.

Left unchecked, the vulnerability could allow an attacker to take control of any or all computers on a vulnerable network. The domain controllers and the servers that manage a network’s security are at high risk. The bug was named Zerologon because a hacker doesn’t need to use any network passwords to gain access.

By exploiting a vulnerable device connected to a network, a hacker can take control of the domain controllers and then deploy malware or ransomware, or steal sensitive government files.

Microsoft has developed a two-patch solution

Microsoft pushed out an initial fix in August to prevent exploitation. But given the complexity of the issue, the tech giant said it would have to send out a second patch early next year to eradicate the issue.

Federal agencies are working to patch systems. Researchers reportedly released proof-of-concept code, potentially allowing attackers to use the code to launch attacks. CISA said Friday that it “assumes active exploitation of this vulnerability is occurring in the wild.”

Although the CISA alert only applies to federal government networks, the agency is “strongly” encouraging companies and consumers to patch their systems as soon as possible. Federal networks must immediately comply. Businesses, state and local agencies, and individual consumers should also act.

Last month, Interpol issued a warning that cyberattacks are increasing exponentially during the coronavirus pandemic.

