CERT mailing list archives
CISA Releases Emergency Directive on Critical Microsoft Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 16 Jul 2020 20:17:11 +0000
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: CISA Releases Emergency Directive on Critical Microsoft Vulnerability [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability ] 07/16/2020 03:28 PM EDT Original release date: July 16, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 20-03 addressing a critical vulnerabilityCVE-2020-1350affecting all versions of Windows Server with the Domain Name System (DNS) role enabled. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is considered wormable because malware exploiting it on a system could, without user interaction, propagate to other vulnerable systems. Although Emergency Directive 20-03 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information: * CISA Emergency Directive 20-03: Mitigate Windows DNS Server Remote Code Execution Vulnerability from July 2020 Patch Tuesday [ https://cyber.dhs.gov/ed/20-03/ ] * CISA Blog on Emergency Directive (ED 20-03) Windows DNS Server Vulnerability [ https://www.cisa.gov/blog/2020/07/16/emergency-directive-ed-20-03-windows-dns-server-vulnerability ] * Microsoft Security Vulnerability Information for CVE-2020-1350 [ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 ] * Microsoft Security Blog Post: CVE-2020-1350 Vulnerability in Windows DNS Server [ https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/ ] This product is provided subject to this Notification [ https://us-cert.cisa.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- CISA Releases Emergency Directive on Critical Microsoft Vulnerability US-CERT (Jul 16)