
CHIPS Articles: Windows Vulnerabilities That Require Immediate Attention

By Department of Homeland Security Cybersecurity & Infrastructure Security Agency - January 15, 2020
The most important thing you can do for your cybersecurity is to update your software – and if you’re a Windows user, today is your day.

[Yesterday], we issued Emergency Directive 20-02, which instructs most Federal civilian Executive Branch agencies to apply the security updates Microsoft released in today’s Patch Tuesday. The vulnerabilities fixed include serious flaws in how Windows trusts software and connects to remote computers, among them CVE-2020-0601, CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611.

While agencies are responsible for managing risk to their networks, CISA is responsible for safeguarding and securing the Federal enterprise. We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary – indeed, this is only the second time CISA has ever issued an emergency directive.

But left unpatched, these vulnerabilities hit at the core of digital trust and pose an unacceptable risk to the Federal enterprise that requires immediate and emergency action. We have directed agencies to implement the patch across their infrastructure within 10 days, and given instructions for which of their many systems to prioritize.

CISA will provide assistance and resources to guide agencies in completing required actions. The investments in the Continuous Diagnostics and Mitigation Program will pay dividends, as the program will help federal agencies with mature implementations to identify where unpatched versions reside and track patching progress. For additional support, our state and local government partners are encouraged to contact the Multi-State Information Sharing and Analysis Center (MS-ISAC) at soc@cisecurity.org.

Though this directive applies only to certain Executive Branch agencies, we strongly urge our partners in State and local government, the private sector, and the American public to apply this security update as soon as possible and also turn on automatic updates. We have published an Activity Alert with information about our directive, as well as resources to help critical infrastructure protect their networks. We’d also like to acknowledge the efforts of our partners at Microsoft in working to ensure the security of their products.

Go get patching!


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988