Government Orders Agencies to Patch Zerologon Vulnerability Immediately
Homeland Security Issues Emergency Alert for Zerologon
The Department of Homeland Security’s cybersecurity division (CISA) has ordered federal civilian agencies to install a security patch for Windows Servers by Monday, citing “unacceptable risk” posed by the vulnerability to federal networks.
The DHS order came as an emergency directive, a rarely used legal mechanism through which US government officials can force federal agencies into taking various actions.
The Zerologon vulnerability allows attackers who have a foothold on an internal network to hijack Windows Servers running as domain controllers and take over the entire network. It has been independently ranked with a CVSS score of 10.0, which is the highest possible rating. Deployment of this patch is essential.
Why Zerologon Needs to Be Patched Immediately
Microsoft included fixes for the Zerologon vulnerability in the August Patch Tuesday update. Most IT professionals did not know how bad the bug really was until they saw a recent report from Secura and the weaponized proof-of-concept exploits that went public shortly afterward.
The widespread use of Windows Servers as domain controllers in US government networks, the 10 out of 10 severity rating for Zerologon, and the danger of a successful attack are what led DHS officials to issue a rare emergency directive late Friday afternoon.
“CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” DHS CISA said in Emergency Directive 20-04.
The short deadline for applying security updates is primarily due to the ease of exploitation and the severe consequences of a successful Zerologon attack. Although the directive applies to executive branch departments and agencies, CISA also “strongly recommends” that the private sector take immediate action as well.
How to Patch Zerologon
We recommend deploying this update as soon as possible. Customers of Syxsense can easily patch the vulnerability by simply searching for CVE-2020-1472 within Patch Manager. Syxsense Manage and Syxsense Secure can easily deploy updates across your environment for Windows, Linux, and Mac devices. Automatically stay up-to-date and keep your environment secure with a simple and powerful solution.