CISA orders agencies to quickly patch critical Netlogon bug

CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks

For several days, security experts have urged organizations to fix a critical vulnerability in a Microsoft protocol that hackers could use to steal sensitive data. Now, U.S. government agencies don’t have a choice but to act.

Late Friday evening, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to apply a patch for the vulnerability by the end of the day Monday. The “emergency directive” — only the fourth ever issued by the agency — reflects the “unacceptable risk” the vulnerability poses to federal agencies because the affected software is used throughout the government, officials said.

The bug is the latest in a bevy of critical flaws to emerge in popular software this year. In response, CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks. In July, CISA gave agencies 24 hours to address another critical Windows-related vulnerability.

The latest vulnerability affects the Netlogon protocol that Microsoft employs to authenticate users within a domain. That means a hacker with access to an internal network could exploit the bug to essentially impersonate any user on the network, including the domain controller responsible for handling security requests.


Security experts have warned that complacency is not an option.

Microsoft issued a fix for the flaw in August, but the issue took on greater urgency last week when researchers released a “proof of concept” showing just how easy it is to exploit the bug. More exploits followed, setting off a scramble to patch systems.

“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” said Bryan S. Ware, assistant director for cybersecurity at CISA.

Foreign espionage groups often exploit known vulnerabilities in widely used software to infiltrate targets. Earlier this month, CISA warned that hackers associated with China’s civilian intelligence service, the MSS, were exploiting VPN software to target U.S. government agencies.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
