The US’s Department of Homeland Security (DHS) recently issued a security warning to all government agencies regarding a security exploit found within Microsoft’s Window OS. According to the department’s Cybersecurity and Infrastructure Security Agency (CISA), the warning concerns an exploit known as Zerologon.

Apparently, Zerologon affects Windows’ domain controllers and, if used accordingly by hackers, would enable insidious parties to escalate privileges within a system and, in turn, gain access to other systems and files. It does this by reportedly taking advantage of the Windows Server Netlogon Remote protocol and authentication. In order to record session data of the affected user.

We just released an Emergency Directive concerning a critical vulnerability affecting Microsoft Windows servers: https://t.co/HfJst2C0QL. This directive instructs Federal Civilian Executive Branch agencies to take action on this vulnerability. #InfoSec #InfoSecurity 1/2

To be clear, Microsoft had been informed about Zerologon back in August and even released a patch to alleviate the flaw specifically for its Windows Server OS. Despite this, CISA is clearly not taking any further chances with the exploit, which explains why it issued the emergency directive in the first place.

To that end, the emergency directive will require all agencies to either update all Windows Servers with the domain controller role, or to simply “pull un-updatable systems from the network. It’s an extreme reaction from a government agency, but at the same time, it can also be argued that you wouldn’t want to find yourself on the receiving end of an exploit with the higher severity rating on the Common Vulnerability Scoring System (CVSS).

A hardware enthusiast who just can’t seem to stop playing around with PC components and consumer tech devices. Also has a very unearthly love for tea. No seriously, it’s very unearthly.

Source: https://www.lowyat.net/2020/221829/us-homeland-security-issues-warning-for-zerologon-security-flaw-on-windows/

Microsoft Windows, United States Department of Homeland Security, Microsoft Corporation, Computer security, Windows Server, Vulnerability

World news – GB – US Homeland Security Issues Warning For Zerologon Security Flaw On Windows

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here