Windows Server Update Gets Serious: You Have The Weekend To Comply, Homeland Security Says
Windows security updates should always be taken seriously, of that there is no doubt. But when the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive for a perfect 10, critical, Windows Server vulnerability, the urgency meter goes off the scale.
This is a vulnerability that could enable an attacker with network access to gain admin status by sending a string of zeros using the Windows Netlogon protocol. A vulnerability that, CISA said, must be assumed as being actively exploited in the wild.
Here's what we know about the Zerologon exploit and what you need to do about it right now.
CISA doesn't issue emergency directives unless there's a serious cause for concern. The last time I reported on such a rare directive was back in July when government agencies were given just 24 hours to update, you guessed it, Windows Server.
No comments:
Post a Comment