The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon. The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.
CISA said it was issuing the warning for the dire consequences, the availability of “in the wild” exploits and the sheer ubiquity of affected Windows servers serving as domain controllers. It affects systems running Windows Server 2008 R2 and later, including recent ones using versions of Server based on Windows 10.