Update Windows Servermu CVE-2020-1472

Panggilan darurat untuk semua para system administrator untuk segera melakukan update Windows Server kalian. Hal ini karena hasil investigasi dari Agensi Keamanan Cyber Amerika mendeteksi adanya ancaman dengan codename Zerologon vulnerability (CVE-2020-1472).

Sebenernya saya males banget untuk translate dan takut merubah arti aslinya. Sebaiknya anda-anda baca sendiri yak hahaha…

Kata CISA

The background to the CISA statement is the knowledge, that the Zerologon vulnerability (CVE-2020-1472) allows Active Directory Domain Controllers (DC) to be overtaken and that there is a publicly available exploit for the vulnerability. CVE-2020-1472 is a Privilege Escalation Vulnerability that is made possible by the insecure use of AES-CFB8 encryption for Netlogon sessions. See also my blog post Windows Server: Zerologon vulnerability (CVE-2020-1472) allows domain hijacking. CISA writes about it:

CISA has determined that this vulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action. This determination is based on the following:

  • the availability of the exploit code in the wild increasing likelihood of any unpatched domain controller being exploited;
  • the widespread presence of the affected domain controllers across the federal enterprise;
  • the high potential for a compromise of agency information systems;
  • the grave impact of a successful compromise; and
  • the continued presence of the vulnerability more than 30 days since the update was released.

CISA requires agencies to immediately apply the Windows Server August 2020 security update to all domain controllers.

Intinya

Setelah panjang lebar, intinya adalah kita diharuskan untuk melakukan Windows Update minimal untuk Agustus 2020 security update di bagian domain controller.

Sayangnya pada Windows Server 2008 tidak tersedia patch fix ini, kecuali kamu pernah berlangganan Microsoft ESU program sebelumnya.

Sedangkan untuk Windows Server 2012 ke atas bisa langsung melakukan upgrade dan reboot servernya untuk apply patch.

Sebenarnya ada cara untuk alternatif fix CVE-2020-1472 di Windows Server 2008, namun saya sarankan untuk segera pindah ke environment Windows Server 2012 atau 2016 segera. Karena kemungkinan makin banyak bugfix yang bakal bermunculan.

Baca juga : Cara mengembalikan kartu indosat yang hangus.

Leave a Comment