Homeland Security issues a rare emergency alert about a “serious” Windows error – TechCrunch

The Homeland Security Cyber ​​Security Advisory Unit issued a rare emergency alert to government departments after the recent disclosure of a “critical” vulnerability in server versions of Microsoft Windows.

The Cybersecurity and Infrastructure Security Agency, known as CISA, has issued an alert Late on Friday All federal departments and agencies called for “immediate” patching of any Windows servers vulnerable to the so-called Zerologon attack by Monday, citing an “unacceptable risk” to government networks.

It is the third emergency alert issued by CISA this year.

The Zerologon weaknessRated a maximum severity of 10.0, an attacker could allow the attacker to gain control over any or all computers on a vulnerable network, including domain controllers and servers that manage network security. The error is aptly named “Zerologon,” because the attacker does not need to steal or use any network passwords to gain access to domain controllers, but rather only gain a foothold on the network, such as exploiting a vulnerable device connected to the network.

With complete network access, an attacker can spread malware, ransomware, or steal sensitive internal files.

Secura security company which Find out the bug, He said it takes “about three seconds practically” to exploit the vulnerability.

Microsoft pushed for an initial fix in August to prevent the exploit. But given the complexity of the bug, Microsoft said it will have to roll out a second patch early next year to completely eradicate the problem.

But the race is underway to patch the systems after researchers reportedly released the proof-of-concept code, which could allow attackers to use the code to launch attacks. CISA said Friday that it “assumes that active exploitation of this vulnerability is occurring in the wild.”

See also  The US State Department Mission to the Middle East: A Week of Summits

Although the CISA alert only applies to federal government networks, the agency said it is “strongly” urging companies and consumers to correct their systems as soon as possible if not already.

Leave a Reply

Your email address will not be published. Required fields are marked *