Skip to main content

Homeland Security warns of a 'critical' security flaw in Windows servers

posted onSeptember 20, 2020
by l33tdawg
Engadget
Credit: Engadget

The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon.

The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.

CISA said it was issuing the warning for the dire consequences, the availability of “in the wild” exploits and the sheer ubiquity of affected Windows servers serving as domain controllers. It affects systems running Windows Server 2008 R2 and later, including recent ones using versions of Server based on Windows 10. The security hole isn’t difficult to use. It takes “about three seconds in practice,” according to Secura. Agencies have to install the patch no later than September 21st.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th