Thursday, October 22, 2020

Uncategorized

Homeland Security warns of a ‘critical’ security flaw in Windows servers

of a ‘’ security in

Colleagues working together in server room


Erik Isakson via Getty Images

The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon. The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.

CISA said it was issuing the warning for the dire consequences, the availability of “in the wild” exploits and the sheer ubiquity of affected Windows servers serving as domain controllers. It affects systems running Windows Server 2008 R2 and later, including recent ones using versions of Server based on Windows 10.

The security hole isn’t difficult to use. It takes “about three seconds in practice,” according to Secura.

Agencies have to install the patch no later than September 21st.

While the alert is clearly aimed at federal officials, it also serves as a warning for private firms that depend on Windows servers and Active Directory. If an intruder successfully launches this exploit, they’ll effectively have control of the network. They could spread malware, steal data or otherwise cause havoc. Some companies have already suffered major disruptions due to malware this , and that trend could continue if they don’t protect themselves against flaws like Zerologon in a timely fashion.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Comment



Comments

Share
1
Shares

Share

Tweet

Share


Go to Source

Author: {authorlink}
https://www.blogsmithmedia.com/www.engadget.com/media/feedlogo.gif?cachebust=true Engadget RSS Feed https://www.engadget.com/rss.xml

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics