Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access could exploit this vulnerability to compromise identity services on domain controller servers that permit network access.
CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action for Federal government departments and agencies to apply the Microsoft released patch to mitigate the vulnerability. CISA also strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.
Federal banking regulators may provide guidance to regulated financial institutions in the coming days regarding the CISA directive.
The August 2020 Microsoft Security Update patch mitigates this exploit. BankOnIT previously applied this update to affected servers on BankOnIT’s network and on BankOnIT managed client financial institution servers. This patch, along with every patch BankOnIT manages, is documented in each BankOnIT’s Client Management Console patch management report.
BankOnIT strongly encourages client institutions to document a response to this vulnerability by reviewing and retaining this Security Update and including it in your institution’s regular Information Technology Committee Meeting minutes or other reporting structure the bank has for Information Technology. Additionally, management and board reporting provided in BankOnIT’s Client Management Console should continue to be part of the information provided to IT committee meetings and board meetings.
For more information and technical details about this critical vulnerability see the following sites:
US Cybersecurity & Infrastructure Agency - CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol