The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon. The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.
CISA said it was issuing the warning for the dire consequences, the availability of “in the wild” exploits and the sheer ubiquity of affected Windows servers serving as domain controllers. It affects systems running Windows Server 2008 R2 and later, including recent ones using versions of Server based on Windows 10.
The security hole isn’t difficult to use. It takes “about three seconds in practice,” according to Secura.
Agencies have to install the patch no later than September 21st.
While the alert is clearly aimed at federal officials, it also serves as a warning for private firms that depend on Windows servers and Active Directory. If an intruder successfully launches this exploit, they’ll effectively have control of the network. They could spread malware, steal data or otherwise cause havoc. Some companies have already suffered major disruptions due to malware this year, and that trend could continue if they don’t protect themselves against flaws like Zerologon in a timely fashion.