Homeland Security Announces Windows Security Threat
According to a DHS statement released late Friday, a notable security flaw could have affected you, if your network relies on Microsoft Windows Active Directory. More specifically, an issue with the Netlogon Remote Protocol “could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.”
Simply put, from the sounds of it, this vulnerability is pretty serious.
“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” read the statement from DHS. “Left unpatched, this vulnerability could allow attackers to compromise network identity services.”
Dubbed the Zerologon vulnerability, this security flaw was rated the maximum ten out of ten in terms of how dangerous it could be to your network, a rating similarly not thrown around lightly by the DHS.
The bug was discovered by Secura, a cybersecurity company, which pointed out that exploiting takes “about three minutes in practice,” which means that taking action sooner rather than later is imperative to keeping your organization safe online.