The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned of a critical security vulnerability affecting Windows Servers used by federal officials.
CISA said a recently discovered flaw in Windows Netlogon Remote Protocol could allow an attacker with network access to “completely compromise all Active Directory identity services.”
In its advisory, CISA urged government agencies to install a patch as soon as possible. Failure to patch the vulnerability, known as CVE-2020-1472, could have a “grave impact,” the agency said.
“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” CISA said. “Left unpatched, this vulnerability could allow attackers to compromise network identity services.”
Requires immediate attention
The flaw affects systems running Windows Server 2008 R2 and later, including recent Windows Server releases built on the Windows 10 codebase. Government agencies have until September 21 to install the patch.
“We have directed agencies to implement the patch across their infrastructure by Monday, September 21, and given instructions for which of their many systems to prioritize,” CISA said.
Microsoft said it’s dealing with the vulnerability through a phased two-part rollout. The first phase will involve the installation of a security patch released last month, which will provide the first layer of protection. Another patch to further boost security will be released February 9, 2021.
“These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels,” the company said in a statement.