https://www.cyberscoop.com/cisa-emergency-order-sigred-windows-dns/
By Sean Lyngaas
CYBERSCOOP
July 16, 2020
The Department of Homeland Security’s cybersecurity division on Thursday
ordered federal civilian agencies to apply a security fix for a newly
revealed Microsoft Windows vulnerability, citing the “unacceptable
significant risk” posed by the flaw to agencies’ security.
The emergency order — only the third ever issued by DHS’s Cybersecurity
and Infrastructure Security Agency — gave agencies roughly 24 hours to
either patch Windows servers used for domain name system purposes or apply
another mitigation. Organizations with affected servers that aren’t for
DNS have until July 24 to patch.
The urgency of the directive is “based on the likelihood of the
vulnerability being exploited, the widespread use of the affected software
across the federal enterprise, the high potential for a compromise of
agency information systems, and the grave impact of a successful
compromise,” CISA said in its directive. The agency said it wasn’t aware
of any active exploitation of the vulnerability — yet.
“[I]t is only a matter of time for an exploit to be created for this
vulnerability,” CISA Director Chris Krebs said.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
