The bug has given Microsoft fits for weeks, and now CISA is requiring federal agencies to take action.