Another day, another Windows vulnerability. This time, a bug has even made the U.S. Homeland Security worried. The agency's cybersecurity division has issued a warning about the "critical" security flaw that can compromise systems and servers running Windows Server edition.
Dubbed as the "Zerologon" vulnerability, the bug can be exploited by hackers to take control of the network. It is named Zerologon because a hacker doesn't need a password to access the network. They will just have to exploit the bug in a vulnerable system connected to the network. Once they have access, hackers can control the servers and even the domain controllers.
The Cybersecurity and Infrastructure Security Agency (CISA), a part of Homeland Security, has asked all federal agencies to immediately patch the systems by Monday (September 21) as the risk was "unacceptable".
The Zerologon vulnerability was first noticed by cybersecurity researcher Tom Tervoort at Secura and released a testing tool to identify if the vulnerability was present in the system. As the vulnerability allows one-click administrator access to the network, hackers could deploy malware and steal sensitive data.
"CISA issued Emergency Directive 20-04, which instructs the Federal Civilian Executive Branch agencies to apply August 2020 security update (CVE-2020-1472) for Microsoft's Windows Servers to all domain controllers. The update fixes a recently discovered flaw in Windows Netlogon Remote Protocol that could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services," the agency said.
While Microsoft did release a patch to fix the bug in August, another patch would be needed to completely eliminate the issue, reported TechCrunch. However, with the exploit code is already available on the internet, CISA believes hackers are using the proof-of-concept code to find vulnerable devices.
"Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild," it said.
The CISA, thus, has not only directed all federal agencies to immediately patch the systems but has also urged companies and people running Windows to apply the security update. In case the patch could not be applied, the agency has advised them to remove "relevant domain controllers" from networks.
However, this is not the first time a vulnerability has been noticed in the Windows Server operating system. In July, another critical vulnerability was exposed. First noticed by security researchers at Check Point, the bug, dubbed as SigRed, was a 17-year-old issue that could allow hackers to "craft malicious DNS queries to the Windows DNS server, and achieve arbitrary code execution that could lead to the breach of the entire infrastructure." Microsoft released a patch to fix the CVE-2020-1350 vulnerability.