The US’s Department of Homeland Security (DHS) recently issued a security warning to all government agencies regarding a security exploit found within Microsoft’s Window OS. According to the department’s Cybersecurity and Infrastructure Security Agency (CISA), the warning concerns an exploit known as Zerologon.

Apparently, Zerologon affects Windows’ domain controllers and, if used accordingly by hackers, would enable insidious parties to escalate privileges within a system and, in turn, gain access to other systems and files. It does this by reportedly taking advantage of the Windows Server Netlogon Remote protocol and authentication. In order to record session data of the affected user.

We just released an Emergency Directive concerning a critical vulnerability affecting Microsoft Windows servers: https://t.co/HfJst2C0QL. This directive instructs Federal Civilian Executive Branch agencies to take action on this vulnerability. #InfoSec #InfoSecurity 1/2

To be clear, Microsoft had been informed about Zerologon back in August and even released a patch to alleviate the flaw specifically for its Windows Server OS. Despite this, CISA is clearly not taking any further chances with the exploit, which explains why it issued the emergency directive in the first place.

To that end, the emergency directive will require all agencies to either update all Windows Servers with the domain controller role, or to simply “pull un-updatable systems from the network. It’s an extreme reaction from a government agency, but at the same time, it can also be argued that you wouldn’t want to find yourself on the receiving end of an exploit with the higher severity rating on the Common Vulnerability Scoring System (CVSS).

A hardware enthusiast who just can’t seem to stop playing around with PC components and consumer tech devices. Also has a very unearthly love for tea. No seriously, it’s very unearthly.

Source: https://www.lowyat.net/2020/221829/us-homeland-security-issues-warning-for-zerologon-security-flaw-on-windows/

Microsoft Windows, United States Department of Homeland Security, Microsoft Corporation, Computer security, Windows Server, Vulnerability

World news – GB – US Homeland Security Issues Warning For Zerologon Security Flaw On Windows

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here