Homeland Security Issues Urgent Windows Security Warning Over Zerologon Exploit

Earlier in the week, we reported on a dangerous exploit affecting Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the direction of the Department of Homeland Security, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend.
The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote Protocol and its authentication to capture session data and escalate the attack further.

Earlier in August, Microsoft released a patch to mitigate the vulnerability for Windows Server operating systems. According to CISA, the patch “is currently the only mitigation to this vulnerability (aside from removing affected domain controllers from the network).” Thus, Homeland Security and CISA have deemed this exploit an “unacceptable risk” to the Federal Civilian Executive Branch and have issued an emergency directive. The emergency directive requires agencies to apply the update to fix the vulnerability immediately.
Although the Emergency Directive only applies to those federal agencies, we strongly recommend that state & local government, the private sector, and the American public also apply this security update as soon as possible. More info: https://t.co/O303PodUon #NetSec 2/2
— Cybersecurity and Infrastructure Security Agency (@CISAgov) September 19, 2020
This sort of governmental reaction is alarming but not surprising given the vulnerability's scope. The Common Vulnerability Scoring System (CVSS) rates the Zerologon exploit at a 10, the highest severity rating it could receive. While the government is expediting fixes, companies and organizations should heed the warning of the emergency directive and update their systems too. This exploit is not something you want to find out about the hard way.