The federal government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit.
The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take “immediate and emergency action” to patch CVE-2020-1472, issued August 11.
The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named “Zerologon” because of how it works.