DHS CISA orders federal agencies to immediately fix Zerologon flaw

The US Department of Homeland Security (DHS) has issued an emergency directive (Emergency Directive 20-04) that orders US federal agencies to patch the Zerologon vulnerability (CVE-2020-1472) by Monday.

The vulnerability in question is a critical elevation of privilege flaw in the Netlogon Remote Protocol, a legacy protocol that is still supported on all Windows servers so that they can operate in a domain environment. Named Zerologon, the vulnerability could be used by an attacker with access to a Windows Domain Controller to take over the Windows domain. CVE-2020-1472 impacts systems running Windows Server 2008 R2 and later.

Although the flaw was fixed as part of the August Patch Tuesday, details about the issue and proof-of-concept exploits started to appear over the past week.

“Applying the update released on August 11 to domain controllers is currently the only mitigation to this vulnerability (aside from removing affected domain controllers from the network),” CISA said.

Thus, the agency deems the CVE-2020-1472 flaw to be “an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action.”

According to the directive, government agencies must update all Windows Servers with the domain controller role by Monday, September 21: apply the August 2020 Security Update to every Windows Server holding the domain controller role, or remove affected domain controllers from the network if they cannot be updated, and ensure technical and/or management controls are in place so that newly provisioned or previously disconnected domain controllers are updated before they are connected to agency networks.
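One way an administrator could inventory domain controllers against the directive's patching requirement, as an added PowerShell example that is not part of the article or of the CISA directive. It assumes the ActiveDirectory RSAT module, remote WMI access to each domain controller, and a placeholder KB list that must be filled in from Microsoft's CVE-2020-1472 advisory for each server OS version.

```powershell
# Added example: report which domain controllers can, cannot, or may have the
# 11 August 2020 Netlogon update. Assumes RSAT ActiveDirectory module and WMI access.
Import-Module ActiveDirectory

$PatchDate = Get-Date '2020-08-11'
# Placeholder: the August 2020 KB ids per server OS version are not given on this
# page; take them from Microsoft's advisory. Later cumulative updates supersede
# them, so a missing KB id is not by itself proof that a DC is unpatched.
$RequiredKbIds = @('KB<AUGUST-2020-KB-FOR-YOUR-OS-VERSION>')

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        $fixes = Get-HotFix -ComputerName $name -ErrorAction Stop
    } catch {
        # A DC that cannot be queried still needs a human to look at it.
        [pscustomobject]@{ DC = $name; Status = 'UNREACHABLE'; Detail = $_.Exception.Message }
        continue
    }
    $hasKb  = $fixes | Where-Object { $RequiredKbIds -contains $_.HotFixID }
    $newest = ($fixes | Where-Object InstalledOn |
               Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn

    if ($hasKb) {
        $status = 'PATCHED'
    } elseif (-not $newest -or $newest -lt $PatchDate) {
        # Newest installed update predates 11 Aug 2020: the Netlogon fix cannot be present.
        $status = 'UNPATCHED'
    } else {
        # Something newer is installed but the exact KB is absent (likely superseded);
        # confirm the OS build against the advisory before counting it as compliant.
        $status = 'VERIFY'
    }
    [pscustomobject]@{ DC = $name; Status = $status; Detail = "newest update: $newest" }
}

$report | Sort-Object Status | Format-Table -AutoSize
```

Run it from a management host with the ActiveDirectory module installed; the UNPATCHED and UNREACHABLE rows are the ones the directive requires to be fixed or disconnected.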

Federal agencies must also provide a completion report by September 23, 2020.
