An Interest In:
Web News this Week
- April 3, 2024
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
Some of Our Sources
- Team Treehouse
- The Logo Smith
- Fuel Your Creativity
- Inspiredology
- Naldz Graphics
- Line 25
- Stylized Web
- Spyre Studios
- Freelance Switch
- The Verge
Help Webnuz
Referal links:
September 22, 2020 10:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3AYsNUytr5U/feds-issue-emergency-order-for-agencies-to-patch-critical-windows-flaw
Feds Issue Emergency Order For Agencies To Patch Critical Windows Flaw
The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions. Ars Technica reports: Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday. The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising that stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks. Officials with the Cybersecurity and Infrastructure Security Agency, which belongs to the DHS, issued an emergency directive on Friday that warned of the potentially severe consequences for organizations that don't patch. [The agency's statement can be found in the article.] CISA, which has authorization to issue emergency directives intended to mitigate known or suspected security threats, is giving organizations until 11:59pm EDT on Monday to either install a Microsoft patch or disconnect the vulnerable domain controller from the organization network. No later than 11:59pm EDT on Wednesday, agencies are to submit a completion report attesting the update has been applied to all affected servers or provide assurance that newly provisioned or previously disconnected servers will be patched.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3AYsNUytr5U/feds-issue-emergency-order-for-agencies-to-patch-critical-windows-flaw
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot