CISA issues emergency order requiring agencies to patch critical Windows bug

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/cisa-emergency-order-sigred-windows-dns/

By Sean Lyngaas
CYBERSCOOP
July 16, 2020

The Department of Homeland Security’s cybersecurity division on Thursday 
ordered federal civilian agencies to apply a security fix for a newly 
revealed Microsoft Windows vulnerability, citing the “unacceptable 
significant risk” posed by the flaw to agencies’ security.

The emergency order — only the third ever issued by DHS’s Cybersecurity 
and Infrastructure Security Agency — gave agencies roughly 24 hours to 
either patch Windows servers used for domain name system purposes or apply 
another mitigation. Organizations with affected servers that aren’t for 
DNS have until July 24 to patch.

The urgency of the directive is “based on the likelihood of the 
vulnerability being exploited, the widespread use of the affected software 
across the federal enterprise, the high potential for a compromise of 
agency information systems, and the grave impact of a successful 
compromise,” CISA said in its directive. The agency said it wasn’t aware 
of any active exploitation of the vulnerability — yet.

“[I]t is only a matter of time for an exploit to be created for this 
vulnerability,” CISA Director Chris Krebs said.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/