CISA issues emergency warning over critical Windows vulnerability


The Cybersecurity and Infrastructure Security Agency (CISA) has taken the extraordinary step of issuing an emergency alert about a critical vulnerability in Windows.

CISA issued the warning to government departments, saying it "has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action". With Emergency Directive 20-04, CISA requires agencies to install the August 2020 Security Update to mitigate a vulnerability in the Microsoft Windows Netlogon Remote Protocol.


The vulnerability affects Windows Server and could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services. While the directive obliges Executive Branch agencies to install Microsoft's August 2020 Security Update, CISA's assistant director, Bryan Ware, says:

We strongly urge our partners in State and local government, the private sector, and the American public to apply this security update as soon as possible. If enterprises cannot immediately apply the update, we urge them to remove relevant domain controllers from their networks.

Back in August, Microsoft gave the following explanation of the vulnerability (CVE-2020-1472), which has the maximum CVSS score of 10.0:

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.

Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.

CISA's Emergency Directive 20-04 can be read here.

Image credit: ArbyDarby / Shutterstock

© 1998-2020 BetaNews, Inc. All Rights Reserved.