A critical-rated security vulnerability was detected in server versions of Microsoft Windows. Homeland Security’s cybersecurity advisory unit has issued a rare emergency alert to government departments following the disclosure.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert late on September 18 that sets out a requirement for all federal departments and agencies to “immediately” patch any Windows servers susceptible to the so-called Zerologon attack. The flaw is described as posing an ‘unacceptable risk’ to government networks.
It is the third emergency alert issued by CISA this year.
The Zerologon vulnerability is rated at the maximum severity of 10.0. It is so severe that it could allow an attacker to affect one or all computers, domain controllers, and servers on the vulnerable network. The name ‘Zerologon’ is well justified because the attacker doesn’t need to steal or use network passwords to get access to the domain controllers. All the attacker needs to do is gain a foothold on the network and exploit a vulnerable device connected to it.
Once the attacker gets complete control over the network, it becomes easy to deploy malware or ransomware, or to steal sensitive internal files. The company that discovered the bug said that, in practice, it takes just three seconds to exploit the vulnerability.
Microsoft rolled out an initial fix in August to prevent exploitation. Given the complexity of the issue, however, the tech giant said it would have to roll out a second batch next year to resolve the issue at its root.
Although the alert applies to federal government networks, the agency still urges consumers and companies to repair and protect their systems as soon as possible if they have not already done so.