Last week the Cybersecurity and Infrastructure Security Agency announced Emergency Directive 20-04, "Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday". This notice was to alert information services administrators of a vulnerability in the Microsoft Windows Netlogon Remote Protocol "...a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity service..."
We recommend all Covered Entities and Business Associates evaluate whether the Microsoft August 2020 Security Update is applicable and appropriate to their computing environment and patch their domain controllers in support of §164.308(a)(5)(ii)(B), Protection from Malicious Software. Click the graphic below to read the source Emergency Directive.
Stay (HIPAA) safe,