U.S. Department of Homeland Security Hit by Severe Vulnerability
The security breach is called "Zerologon."
It is so serious that it even undermines U.S. homeland security. Technically, its name is "CVE-2020-1472." Its peculiarity lies in the fact that it allows a hacker to take control of a Windows domain, the Netlogon protocol. In particular, the U.S. Department of Homeland Security is of great concern. It security managers from all government agencies have been mobilized. All those who do not apply or who do not apply the security patches that will soon be provided by Microsoft no later than October 1, 2020 a heavy function on the part of the U.S. administration.
In a sense, the "Zerologon" vulnerability is estimated to be 10, a maximum score on the Common Vulnerability Scoring System scale.
It should also be noted that this critical security flaw with the CVE-2020-1472 identifier dubbed Zerologon, was discovered a long time ago and even corrected by an update available from Microsoft since last August. The importance of correcting this vulnerability is such that it has pushed the most discreet US administration out of the way. In a blog post late last week, the U.S. Department of Homeland Security called on all government agencies to enforce Microsoft's security patch. The deadline for completing this task was September 21, 2020 from midnight.
"Before 11:59 p.m. on Wednesday, September 23, 2020, submit a completion report using the model provided. Director of information systems at the department level or their equivalents must submit completion reports attesting to CISA that the update has been applied to all affected servers and provide assurance that newly provisioned or previously disconnected servers will be corrected as required by this directive," the U.S. Department of Homeland Security DHS said.
Given the criticality of this flaw, the concern of this administration is clearly understandable. Especially the advantage it offers hackers to be able to control Windows systems as easily. For a breach rated at level 10 of its severity, it is clear that drastic measures are needed to solve this problem. The deadline imposed and the penalties that may fall for non-compliance. "Starting October 1, 2020, the Director of CISA will engage ISDs and/or senior agency officials to manage the risks of agencies that have not taken the required actions, if any and on the basis of a risk-based approach. By October 5, 2020, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget identifying inter-agency status and outstanding issues, the Department of Homeland Security said.
Now access an unlimited number of passwords: