The Department of Homeland Security’s cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Servers, citing “unacceptable risk” posed by the vulnerability to federal networks.
The DHS order was issued via an emergency directive, a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions.
The target of the DHS’s latest emergency directive is CVE-2020-1472, a vulnerability also known as Zerologon.
The vulnerability is considered extremely dangerous, as it allows threat actors that have a foothold on an internal network to hijack Windows Servers running as domain controllers and effectively take over the entire network.
Microsoft included fixes for the Zerologon vulnerability in the August 2020…