Rare warning from CISA instructs government agencies to patch a vulnerability in a core authentication component of Active Directory from Windows Server 2008 to Windows Server 2019. The federal government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit. The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take “immediate and emergency action” to patch CVE-2020-1472, issued August 11. The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named “Zerologon” because of how it works. CVE-2020-1472 addresses a critical elevation-of-privilege bug that exists when an attacker uses NRPC to establish a vulnerable secure channel connection to a domain controller, according to Microsoft’s bug entry. It could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services. Microsoft rated the exploit a 10 on the 1-10 Common Vulnerability Scoring System (CVSS) scale, meaning the most severe of vulnerabilities. The patch is the only way to mitigate this vulnerability, or the affected domain controllers could be removed from the network. CISA has jurisdiction over government agencies, save for the Department of Defense, which has its own rules. However, CISA strongly urges state and local government agencies, the private sector, and other non-governmental entities to update as soon as possible. When bug hunters find exploits like this, all parties do a pretty good job of keeping the details quiet until a patch is issued. The problem is that once a patch is issued, the vulnerability becomes available for all to see, and if the patch isn’t immediately applied, those machines are at risk. The problem is compounded by Microsoft’s track record as of late with its Patch Tuesday fixes, which can be buggy or broken, cause computer problems, and frequently have to be rolled back. IT managers are often reluctant to roll out patches as soon as Microsoft issues them. But in this case, if the feds are ordering their own departments to roll it out, you should, too. Related content brandpost Sponsored by Zscaler NYC Department of Education builds the pipeline for future cybersecurity professionals NYC Department of Education's innovative programs empower students through hands-on experience and partnerships in cybersecurity, paving the way for diverse career pathways and long-term success in the digital workforce. By Demond Waters, CISO, and Anthony Dixon, Director of Cybersecurity Engineering at the New York City (NYC) Department of Education (DOE) Oct 21, 2024 10 mins Security brandpost Sponsored by Zscaler Are Your Firewalls and VPNs the Weakest Link in Your Security Stack? In an era when traditional network perimeters no longer exist, it’s time to adopt the Zero Trust mantra, "never trust, always verify.” By Zscaler Oct 21, 2024 9 mins Security brandpost Sponsored by Zscaler 6 key mobile and IoT/OT attack trend findings Zscaler ThreatLabz analysis shows more than 100% growth in spyware, much of which can bypass multifactor authentication, and 45% growth in IoT attacks. By Will Seaton, Viral Gandhi, Yesenia Barajas Oct 18, 2024 6 mins Security news Admins warned to update Palo Alto Networks Expedition tool immediately Six holes in the configuration migration tool could allow theft of cleartext passwords and more. By Howard Solomon Oct 11, 2024 1 min Network Security Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe