The cyber wing of the Department of Homeland Security has issued an emergency directive regarding the Zerologon vulnerability in Windows domain controller servers. The vulnerability is used in a secondary-stage attack that can be exploited to hijack the whole network, and it received a severity score of 10/10. The directive therefore asks all federal agencies to update their systems to patch this bug.
DHS Issues Directive to Patch Zerologon Bug
Over the past week, the cybersecurity community has been discussing a critical bug in the Windows domain controller server software that left exposed servers open to takeover of systems and eventually the whole network. Named Zerologon (CVE-2020-1472), the vulnerability exists in Windows servers running as domain controllers.
Domain controllers authenticate the hosts in the network and grant them access to network resources. But a weak authentication protocol in Windows Server, which allows an attacker to pass authentication simply by injecting “0s” into Netlogon parameters, can put the whole network at risk.
This bug gained prominence when Secura, a cybersecurity firm, documented it last week. While Secura didn’t include a proof-of-concept in its report, it took only a few hours for readers (white and black hats) to come up with a working proof-of-concept. This, along with the fact that many government agencies run Windows domain controllers and the bug's severity score of 10/10, led DHS to issue a directive on Friday afternoon.
The Cybersecurity and Infrastructure Security Agency (CISA) of DHS has issued an emergency directive saying that “CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires immediate and emergency action.” It gave the agencies until Monday, September 21st to patch all the systems or else pull them offline. Microsoft issued a patch for this in its August 2020 update, but many admins haven’t applied it yet.