Windows servers have been warned by the US government as it might be under a huge security flaw that has the possibility of putting other nations at risk all over the world.
The US Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) section, had come up with an emergency directive that advises the country’s government agencies to upgrade their systems with a “critical” Windows security patch.
The patch fixes the Windows Server vulnerability which is called Zerlogin, and if it were to be exploited, it will give hackers complete access to a network without the need for a password.
“A known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency,” a statement by CISA said.
Initially, the patch had been released by Microsoft on August 11th 2020, which means it has been in use for a while now – although it does look as though a couple of US government agencies have still not updated their systems.
The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) flaw is the main authentication component of Active Directory, has an effect on systems running Windows Server 2008 R2 and later on contains recent services using versions of Server based on Windows 10.
Although it, “could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services,” said CISA.
Zerogogon is rated the maximum 10.0 in severity by CISA, which shows that the US government is very serious about this malicious threat, regardless of the fix that only takes a couple of seconds to implement.
“Applying the update released on August 11 to domain controllers is currently the only mitigation to this vulnerability (aside from removing affected domain controllers from the network),” the warning included.
So the agency believes this is an “unacceptable risk” and needs “immediate and emergency action” and is advising all government agencies to update prior to September 21st, and also confirm that they have gone through with this.