


Homeland Security issues rare emergency alert over ‘critical’ Windows bug

September 2020 by Joseph Carson, Chief Security Scientist at Thycotic

Following CISA’s emergency alert to government departments after the recent disclosure of a critical-rated security vulnerability in server versions of Microsoft Windows, Joseph Carson, Chief Security Scientist at Thycotic, comments:

“In a rare move from the Cybersecurity and Infrastructure Agency, typically known as CISA, the department has issued an emergency alert for all government departments to urgently patch Windows systems resulting from a serious vulnerability in Microsoft Windows which could allow an attacker to elevate privileges via network access. This type of vulnerability is quite severe and has a critical rating of 10 in the CVSS score for CVE-2020-1472. Moments like this are gold for cybercriminals who already have a light foothold on networks with low-privileged users from previously compromised Windows laptops. These attackers tend to be waiting for the right moment when a serious vulnerability allows them to quickly elevate to a privileged user, allowing them to roam around the network gaining access to sensitive systems, and CVE-2020-1472 is one of those vulnerabilities that attackers will abuse. For CISA to issue the alert means that they have probably already observed attempts to exploit this critical vulnerability, which means that it is highly likely that some departments have already fallen victim. Privilege compromise is an extremely severe security issue; it should be a top priority to patch vulnerable systems, take privileged access seriously and apply the principle of least privilege with a strong privileged access management solution.”
