Homeland Security Issues Emergency Directive for Windows Zerologon Vulnerability

September 20, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), under the umbrella of the U.S. Department of Homeland Security, issued an emergency directive concerning a critical Windows Server security vulnerability. The so-called Zerologon exploit, which received the 10.0 severity score, could allow an attacker to take control of any or all computers on an entire network, just through one compromised device, by using the Microsoft Windows Netlogon Remote Protocol. The attacker does not even need to steal or use any network passwords to gain access to sensitive systems, according to TechCrunch. With this type of access, a bad actor could spread malware, ransomware, or steal confidential information. The CISA emergency directive applies to Executive Branch government departments, but the agency "strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible." The agency also said that it "assumes active exploitation of this vulnerability is occurring in the wild."
 

How to Protect Your Organization

Microsoft released an initial patch for the Zerologon exploit in August 2020, but will likely have to roll out a second patch in the future to completely eliminate the issue, per TechCrunch. Unsure if your equipment and data protections are up to date? It's time to find out. The scope of successful attacks increased by 44% from 2018 to 2019, and the trend is increasing as the world manages the COVID-19 Pandemic and confronts other uncertainties. That's where FIT comes in. We have bundled our Cybersecurity services into our standard Managed IT Services package:
  • Data Security
  • Identity Security
  • Endpoint Security
  • Security Training
  • Security Response
Contact us today to find out how a partnership with us can help your organization achieve its goals.  
Michelle

Contributor

Michelle Tomallo

Michelle is a co-founder of FIT and has served in many roles during the company’s history—from client services, to account management, to operations. She currently focuses on human resources as Chief People Officer, and is a driving force of the culture at FIT.

Related Posts

View More