The Department of Homeland Security's cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Servers, citing "unacceptable risk" posed by the vulnerability to federal networks.
The DHS order was issued via an emergency directive, a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.
The target of the DHS's latest emergency directive is CVE-2020-1472[1], a vulnerability also known as Zerologon[2].
The vulnerability is considered extremely dangerous because it allows a threat actor who has gained a foothold on an internal network, without needing any domain credentials, to hijack Windows Server systems acting as domain controllers and effectively take over the entire Active Directory domain.
Microsoft included fixes for the Zerologon vulnerability in the August 2020 Patch Tuesday release, published on August 11; however, many system administrators did not realize how serious the bug was until Monday of this week, when security researchers from Secura published a technical report[3] explaining CVE-2020-1472 in detail.
That in-depth report was more than enough for white-hat and black-hat hackers alike to build weaponized proof-of-concept Zerologon exploits, which were public within hours of the Secura report.
The availability of these exploits, the widespread use of Windows Server as domain controllers on US government networks, the maximum 10 out of 10 severity rating assigned to the Zerologon bug, and the "grave impact" of a successful attack are what prompted DHS officials to issue a rare emergency directive late Friday afternoon.
"CISA [Cybersecurity and Infrastructure Security Agency] has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," DHS CISA said in Emergency Directive 20-04[4].
System admins have until Monday to patch
DHS CISA officials gave federal system administrators until