DHS gives federal agencies 24 hours to patch critical Microsoft Windows vulnerability

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday directed all federal agencies to patch a major vulnerability in Microsoft Windows Server within the next 24 hours.

CISA Director Christopher Krebs wrote in a blog post announcing the emergency directive that although the agency had seen no evidence of the vulnerability being exploited, it could, if not patched, allow a remote attacker to control a system.

“Due to the widespread proliferation of Windows Server in civilian executive branch agencies, I have determined that immediate action is necessary, and this remote code execution vulnerability in Windows Server’s Domain Name System (DNS) is particularly critical to federal departments and agencies. Need to be taken,” Krebs wrote.

Microsoft on Tuesday released a patch for the “wormable” vulnerability, warning that it could potentially be used to spread dangerous malware between computers.

Mechele Gruhn, Chief Security Manager at the Microsoft Security Response Center, stated in a blog post, “While this vulnerability is not currently known to be used in active attacks, it is imperative that customers apply Windows Update to address this vulnerability as soon as possible.”

Agencies have until Friday afternoon to ensure the security update is applied on all Windows servers, and until July 24 to implement new technical and management controls, complete patching and submit a report to CISA.

While the directive was only a requirement for federal agencies, Krebs strongly recommended that other government organizations and private sector groups immediately patch the vulnerability as well.

“They must identify if this critical vulnerability exists on their network and assess their plan to resolve this critical threat immediately,” Krebs wrote. “If you have Windows servers running DNS, you should patch now. Do not wait on it.”

The CISA move marked the third time the agency has issued an emergency directive. It previously issued a directive in January covering different Microsoft vulnerabilities that allowed hackers to create digital signatures and exploit a system, among other issues.