The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability – CVE-2020-1472 – affecting Microsoft Windows Netlogon Remote Protocol. ED 20-04 applies to federal government departments and agencies, requiring that they apply updates and report completion to CISA by Wednesday, September 23. However, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild. In its advisory, it provides a series of resources to access for more information. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!