Agencies face a quick turnaround to address a known vulnerability in Windows Domain Name System servers.
The Cybersecurity and Infrastructure Security Agency, under an emergency directive, is giving agencies until 2 p.m. Friday, July 17, to apply a patch released Tuesday — or a “temporary registry-based workaround” — for Windows Servers running DNS.
“CISA has determined that this vulnerability poses unacceptable significant risk to the federal civilian executive branch and requires an immediate and emergency action,” the agency wrote in its emergency directive.
CISA issued the emergency directive “based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise.”
CISA Director Chris Krebs wrote in a separate blog post that this marks the third emergency directive he’s approved during his tenure.
In January, CISA required “emergency action” from agencies on Microsoft’s Windows operating system vulnerability, giving…