21 September 2020

DHS CISA orders federal agencies to immediately fix Zerologon flaw

The US Department of Homeland Security (DHS) has issued an emergency directive (Emergency Directive 20-04) that orders US federal agencies to patch the Zerologon vulnerability (CVE-2020-1472) by Monday.

The vulnerability in question is a critical elevation of privilege flaw in the Netlogon Remote Protocol, a legacy protocol that all Windows servers still support so that they can operate in a domain environment. Named Zerologon, the vulnerability could be used by an attacker with access to a Windows domain controller to take over the Windows domain. CVE-2020-1472 affects systems running Windows Server 2008 R2 and later.

Although the flaw was fixed as part of the August Patch Tuesday, technical details about the issue and proof-of-concept exploits began to appear over the past week.

“Applying the update released on August 11 to domain controllers is currently the only mitigation to this vulnerability (aside from removing affected domain controllers from the network),” CISA said.

Thus, the agency deems the CVE-2020-1472 flaw to be “an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action.”

According to the directive, government agencies must update all Windows Servers with the domain controller role by Monday, September 21; apply the August 2020 Security Update to all Windows Servers with the domain controller role, or remove affected domain controllers from the network if they cannot be updated; and ensure that technical and/or management controls are in place so that newly provisioned or previously disconnected domain controller servers are updated before being connected to agency networks.

Federal agencies must also provide a completion report by September 23, 2020.
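As an added example (not from the article, from CISA, or from Microsoft), the following PowerShell script inventories the domain controllers in the current domain and flags any with no update installed on or after 11 August 2020, the release date the directive names, then exports the result for the completion report. It assumes the ActiveDirectory module, remote access to each DC, and that the install-date heuristic is a reasonable proxy for the August update; the output file name is a placeholder.

```powershell
# Added example, not part of the article or the directive. Enumerates every DC
# and flags those with no update installed on or after the 11 August 2020
# release date. The date check is an assumption (a proxy), not a definitive
# test for the specific Zerologon fix; confirm the KB for each OS build.
Import-Module ActiveDirectory

$FixReleaseDate = Get-Date '2020-08-11'

$Report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $hotfixes = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop
        # Get-HotFix sometimes returns a null InstalledOn; only dated entries count.
        $recent = $hotfixes | Where-Object {
            $_.InstalledOn -and $_.InstalledOn -ge $FixReleaseDate
        }
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            Reachable        = $true
            LatestUpdate     = ($hotfixes | Where-Object InstalledOn |
                                Sort-Object InstalledOn | Select-Object -Last 1).HotFixID
            Status           = if ($recent) { 'Updated since 2020-08-11' }
                               else { 'NEEDS PATCH OR REMOVAL FROM NETWORK' }
        }
    } catch {
        # An unreachable or disconnected DC still has to be tracked: the directive
        # requires it to be updated before it is reconnected to the network.
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            Reachable        = $false
            LatestUpdate     = $null
            Status           = 'UNREACHABLE - verify before reconnecting'
        }
    }
}

$Report | Sort-Object Status | Format-Table -AutoSize
# Placeholder path for the completion report due 23 September 2020.
$Report | Export-Csv -Path .\ED-20-04-DC-Status.csv -NoTypeInformation
```

On servers that receive Security-Only rather than cumulative updates, a post-August install date alone does not prove the Netlogon fix is present, so confirm the exact update for that OS before marking a DC compliant.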
