
U.S. government agencies are supposed to have patched the “Zerologon” vulnerability by now, about six weeks after Microsoft issued a patch.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive on Friday asking agencies to apply the patch no later than midnight Tuesday. Agencies are required to report their compliance by Wednesday.

“CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” according to CISA’s advisory.

CISA can force government agencies to make fixes. But being more public about problematic vulnerabilities is a way to call them to the attention of private companies that might be using the same products, nudging them to also patch the vulnerabilities as soon as possible.

The agency has recently issued advisories about vulnerabilities in F5’s BIG-IP network products and Pulse Secure VPN servers.

CISA says the factors leading to the latest directive include the availability of exploit code, the wide use of vulnerable domain controllers, the high chance of compromise and the continued presence of unpatched systems.

If the domain controllers can’t be updated, CISA says those devices should be removed from networks.

The Zerologon vulnerability, CVE-2020-1472, exists in the Microsoft Windows Netlogon Remote Protocol, or MS-NRPC, an authentication component of Active Directory that organizations use to manage user accounts, including authentication and access.

Security firm Trend Micro says a Zerologon attack “can be executed in approximately three seconds, so it could be very dangerous.” An attacker could use the exploit to impersonate the identity of any computer that is authenticating against the domain controller.

“From there, a variety of other attacks, including but not limited to disabling security features, changing passwords and essentially taking over the domain are possible,” the firm warns.

One piece of good news is that the vulnerability can’t be remotely exploited. But if an attacker already has network access, they could use Zerologon to quickly traverse the network.

Microsoft issued a Zerologon patch on Aug. 11, but it only provides a partial fix. The update enables domain controllers to protect devices, but a more robust fix from Microsoft will still be required, according to Dustin Childs of the Zero Day Initiative, which is part of Trend Micro.

“A second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug,” Childs says in a Trend Micro blog post.

Microsoft has outlined steps administrators should take as well as the implications of its plan to enforce Netlogon’s secure channel connections.

Also, the Samba Team has released a patch for its suite of file and print services for Windows and Linux. Samba also uses the Netlogon protocol. But the default behavior for Samba since version 4.8, which was released in March 2018, has been to use a secure Netlogon channel, according to its advisory.
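As an added illustration (not code from the article or from the Samba project), the sketch below audits an smb.conf for the secure-channel behavior described above. It assumes the setting is Samba's `server schannel` parameter in the `[global]` section, a name the article does not give, and the sample configuration is constructed.

```python
import re

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; legacy setting kept for an old appliance
    Server  Schannel = Auto
[netlogon]
    path = /var/lib/samba/sysvol/scripts
"""

def global_params(conf_text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def schannel_status(conf_text, version):
    """Classify Netlogon secure-channel enforcement for Samba (major, minor)."""
    value = global_params(conf_text).get("serverschannel")
    if value is None:
        # Unset: the default is the secure channel from 4.8 onward.
        if version >= (4, 8):
            return "enforced (default)"
        return "not enforced (old default)"
    if value.lower() in ("yes", "true", "1"):
        return "enforced (explicit)"
    # "no", "auto" or anything unrecognized is reported for review.
    return f"not enforced (server schannel = {value})"

if __name__ == "__main__":
    for ver in [(4, 7), (4, 12)]:
        print(ver, schannel_status(SAMPLE_CONF, ver))
```

An explicit `no` or `auto` overrides the secure default even on 4.8 and later, which is why the check reads the configuration rather than relying on the version alone.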

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.


Source: https://www.bankinfosecurity.com/cisa-pushes-government-agencies-to-patch-zerologon-flaw-a-15032

Microsoft Corporation, Cyberattack, Computer security, Exploit, Vulnerability

World news – US – CISA Pushes Government Agencies to Patch ‘Zerologon’ Flaw
