The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive to federal agencies demanding that they apply an August update to Windows Server before Tuesday to address a critical vulnerability that could allow an attacker to compromise all Active Directory identity services.
The vulnerability – CVE-2020-1472 – is an elevation of privilege vulnerability in Microsoft’s Netlogon. Microsoft patched the vulnerability in August, but unpatched systems can still be a target for cybercriminals and other bad actors. Exploiting this vulnerability could result in an authorized user obtaining domain administrator access.
According to CISA, the exploit code is available in the wild, so it should be assumed that these attacks are currently happening.
“CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” the agency said in the emergency directive.
According to Microsoft, an attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network.
An attacker must first use the Netlogon Remote Protocol (MS-NRPC) to connect to a domain controller in order to obtain domain administrator access.
According to Forbes, CISA doesn’t issue emergency directives unless there’s a very serious cause for concern.
CVE-2020-1472 is about as serious as it gets, hence the maximum Common Vulnerability Scoring System (CVSS) score of 10 and the critical severity rating that Microsoft has attached to it. The vulnerability itself opens the door for an attacker already inside the network to take over the Windows Server Active Directory domain controller.
Microsoft’s two phases of updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
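Because the fix is rolled out in phases, an administrator patching a domain controller still needs to know which machines on the network are connecting with the weak secure-channel behaviour before enforcement is switched on. The script below is an added example, not part of the article and not Microsoft's own tooling; it triages a constructed export of Netlogon System events. It assumes the event IDs that the August 2020 update introduced (5827 and 5828 for a vulnerable connection that was denied, 5829 for one that was still allowed during the deployment phase), and the pipe-separated record layout is a simplification invented for the example.

```python
"""Triage exported Netlogon events for secure-channel connections that still
rely on the pre-patch behaviour.

Added example, not from the original article or from Microsoft. Assumptions:
the August 2020 Netlogon update logs System events 5827/5828 (vulnerable
secure channel denied) and 5829 (vulnerable secure channel allowed during the
initial deployment phase). The record layout is a constructed simplification
of an exported event log, not a real export format.
"""
from collections import defaultdict

# Event IDs as documented with the August 2020 update (assumption, not from
# the article).
DENIED_EVENTS = {5827, 5828}   # vulnerable Netlogon secure channel refused
ALLOWED_EVENT = 5829           # vulnerable channel still allowed (pre-enforcement)

# Constructed sample export: timestamp | event id | machine account | caller
SAMPLE_EVENTS = """
# constructed data for illustration only
2020-09-19T08:01:12Z | 5829 | LEGACY-FILE01$ | 10.0.5.21
2020-09-19T08:03:40Z | 5827 | OLDPRINT02$    | 10.0.5.44
2020-09-19T08:04:02Z | 5829 | LEGACY-FILE01$ | 10.0.5.21
2020-09-19T08:10:55Z | 5829 | NAS-BACKUP$    | 10.0.9.7
2020-09-19T08:12:30Z | 5828 | TRUST-PARTNER$ | 10.0.12.2
""".strip().splitlines()


def parse_records(lines):
    """Parse constructed 'timestamp | event_id | machine | caller' lines."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, machine, caller = [p.strip() for p in line.split("|", 3)]
        records.append({"ts": ts, "id": int(event_id),
                        "machine": machine, "caller": caller})
    return records


def summarize(records):
    """Count, per machine account, allowed vs denied vulnerable connections."""
    summary = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for r in records:
        if r["id"] == ALLOWED_EVENT:
            summary[r["machine"]]["allowed"] += 1
        elif r["id"] in DENIED_EVENTS:
            summary[r["machine"]]["denied"] += 1
    return dict(summary)


def still_vulnerable(summary):
    """Machine accounts that must be updated before enforcement mode is enabled:
    any account that was still allowed to use the weak secure channel."""
    return sorted(m for m, c in summary.items() if c["allowed"] > 0)


if __name__ == "__main__":
    report = summarize(parse_records(SAMPLE_EVENTS))
    for machine, counts in sorted(report.items()):
        print(f"{machine:16} allowed={counts['allowed']} denied={counts['denied']}")
    print("Fix before enforcement:", ", ".join(still_vulnerable(report)))
```

On a real domain controller the same logic would be fed by the System event log rather than a text export; the point of the summary is that every account listed under "allowed" is a device that will break, or remain exposed, once the enforcement phase of the update is turned on, so those are the ones to patch or replace first.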
CISA issued the emergency directive on Friday, so federal agencies had the weekend to upgrade their systems.
It’s not just federal agencies that need to watch out for this vulnerability, as the same exploit can be used against state and local governments as well as the enterprise.