The Windows Security Flaw
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently announced that the critical security vulnerability of Windows Servers used by federal officials has been compromised.
CISA found a flaw in Windows Netlogon Remote Protocol that could let attackers with network access to “completely compromise all Active Directory identity services.”
Thus, CISA encourages government agencies to immediately install a patch. If left untended, the vulnerability, known as CVE-2020-1472 could lead to a “grave impact.”
“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” CISA added. “Left unpatched, this vulnerability could allow attackers to compromise network identity services.”
Immediate Attention Needed
According to reports, the systems running Windows Server 2008 R2 and later, also the recent ones using versions of Windows Server based on Windows 10 are highly affected by this security flaw. CISA also warned government agencies that the deadline for the patch installation is on September 21.
“We have directed agencies to implement the patch across their infrastructure by Monday, September 21, and given instructions for which of their many systems to prioritize,” CISA stated.
Meanwhile, Microsoft confirmed that it’s fixing the vulnerability through a phased two-part rollout. The first phase will be about installing a security patch released last month, which will give the first layer of protection. Then, they will release another patch by February 9, 2020, to further strengthen the security.
“These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels,” the company announced.
Editor’s note on the Windows Security Flaw:
This piece is to inform you about the Windows Security Flaw. For more information on this, please contact us today!
We’d be happy to help you take a step in the right direction, fight this issue, and better enable you to join in on any potential consumer class action. If interested, please send an email to Outreach@ConsiderTheConsumer.com, find us on Twitter or Facebook, or even connect with us directly on our website! We look forward to hearing from you all.
Similarly, please check out our current list of Class Actions and Class Action Investigations, here.
Interested in articles like these? Become a subscriber below!