Information Security News mailing list archives
CISA issues emergency order requiring agencies to patch critical Windows bug
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 17 Jul 2020 05:03:27 +0000 (UTC)
https://www.cyberscoop.com/cisa-emergency-order-sigred-windows-dns/ By Sean Lyngaas CYBERSCOOP July 16, 2020The Department of Homeland Security’s cybersecurity division on Thursday ordered federal civilian agencies to apply a security fix for a newly revealed Microsoft Windows vulnerability, citing the “unacceptable significant risk” posed by the flaw to agencies’ security.
The emergency order — only the third ever issued by DHS’s Cybersecurity and Infrastructure Security Agency — gave agencies roughly 24 hours to either patch Windows servers used for domain name system purposes or apply another mitigation. Organizations with affected servers that aren’t for DNS have until July 24 to patch.
The urgency of the directive is “based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise,” CISA said in its directive. The agency said it wasn’t aware of any active exploitation of the vulnerability — yet.
“[I]t is only a matter of time for an exploit to be created for this vulnerability,” CISA Director Chris Krebs said.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ Follow InfoSec News on Twitter https://twitter.com/infosecnews_ Follow InfoSec News on LinkedIn https://www.linkedin.com/company/infosecnews/
Current thread:
- CISA issues emergency order requiring agencies to patch critical Windows bug InfoSec News (Jul 16)