The Department of Homeland Security (DHS) is warning of a Windows Server bug that can give hackers access to any machine on a network.
Microsoft issued a patch in August that serves as a stopgap measure to prevent the vulnerability from being used. A permanent fix is expected early next year. Exploiting the vulnerability does not require a hacker to steal authentication information. Instead, a hacker merely has to forge “an authentication token for specific Netlogon functionality,” according to Tom Tervoort, Senior Security Specialist, and Ralph Moonen, Technical Director, at Secura.
Once the token is used, an attacker is “able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.” This attack would allow a hacker to take over any computer on the network.
The vulnerability has been given the highest severity rating, a CVSS score of 10.0. As a result, DHS is giving government offices until 11:59 PM, Monday, September 21 to implement the patch. Needless to say, all other organizations should implement Microsoft’s patch immediately, and be on the lookout for the permanent fix early next year.