Sponsored Links

Homeland Security warns of a 'critical' security flaw in Windows servers

Zerologon lets attackers compromise entire networks.
Colleagues working together in server room
Erik Isakson via Getty Images
Jon Fingas
Jon Fingas|@jonfingas|September 20, 2020 1:58 PM

The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon. The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.

CISA said it was issuing the warning for the dire consequences, the availability of “in the wild” exploits and the sheer ubiquity of affected Windows servers serving as domain controllers. It affects systems running Windows Server 2008 R2 and later, including recent ones using versions of Server based on Windows 10.

The security hole isn’t difficult to use. It takes “about three seconds in practice,” according to Secura.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Agencies have to install the patch no later than September 21st.

While the alert is clearly aimed at federal officials, it also serves as a warning for private firms that depend on Windows servers and Active Directory. If an intruder successfully launches this exploit, they’ll effectively have control of the network. They could spread malware, steal data or otherwise cause havoc. Some companies have already suffered major disruptions due to malware this year, and that trend could continue if they don’t protect themselves against flaws like Zerologon in a timely fashion.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Homeland Security warns of a 'critical' security flaw in Windows servers