Agencies Must Patch Zerologon Bug by Monday says US CISA
Earlier this week, the US Department of Homeland Security issued an emergency directive that calls for all civilian government agencies to patch a Windows vulnerability that has been categorized as high-risk. The bug, CVE-2020-1472, is a new form of a privilege bug that occurs when an attacker uses the Netlogon Remote Protocol to establish a secure channel connection to a domain controller. The vulnerability affects Windows Server 2008 and onwards.
Although the flaw was originally fixed in an August Patch Tuesday by Microsoft, over the past week several proof-of-concept exploits have appeared, causing widespread concern across the industry that the bug was going unpatched among government agencies. The bug was named Zerologon, and according to the Cybersecurity and Infrastructure Security Agency, it poses an “unacceptable risk.” The emergency directive requires all government agencies to patch the Windows Servers with a domain controller by this evening.