Homeland Security’s cybersecurity advisory unit has issued a rare emergency alert to government departments after recently announcing a “critical” rating vulnerability in Microsoft server versions Windows.
The Cybersecurity and Infrastructure Security Agency, better known as CISA, issued a warning late Friday calling on all federal departments and agencies to “immediately” admit Windows servers susceptible to the so-called Zerologon attack by Monday patch, citing an “unacceptable risk” government networks.
It is the third emergency alert issued by CISA this year.
The Zerologon vulnerability, which has a severity level of 1
With full access to a network, an attacker could deploy malware or ransomware, or steal confidential internal files.
Secura, the security firm that discovered the bug, said it took “approximately three seconds in real life” to exploit the vulnerability.
Microsoft released an initial fix in August to prevent exploitation. Given the complexity of the bug, Microsoft said it would need to release a second patch early next year to completely fix the problem.
But the race to patch systems continues after researchers reportedly released proof-of-concept code that might allow attackers to use the code to launch attacks. CISA said Friday that it “believes this vulnerability is being actively exploited in the wild”.
Although the CISA alert only applies to federal government networks, the agency urges businesses and consumers to patch their systems as soon as possible, if not already.